Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

nix install on linux can fail with "cloning builder process: Operation not permitted" #1030

Open
simonmichael opened this issue May 18, 2019 · 1 comment

Comments

Projects
None yet
2 participants
@simonmichael
Copy link
Owner

commented May 18, 2019

The nix command for installing hledger, on the download page, can fail with an error like:

cloning builder process: Operation not permitted

since nix requires some kernel permission that GNU/Linux distros may not grant by default (NixOS/nix#2633). The workaround is to run a command similar to:

sudo sysctl kernel.unprivileged_userns_clone=1

before running nix-env.

Is it safe to leave this permission enabled ? https://security.stackexchange.com/questions/209529/what-does-enabling-kernel-unprivileged-userns-clone-do thinks not. So maybe you should disable it again after running nix-env:

sudo sysctl kernel.unprivileged_userns_clone=0

This all seems pretty lame, presumably nix will fix eventually.

@peti

This comment has been minimized.

Copy link
Contributor

commented Jun 1, 2019

Note NixOS/nix#2633 (comment). Nix needs those privileges to set up the build sandbox. Without sandboxing enabled, those privileges are not required.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.