[BUG] does not work on Ubuntu 24

[NightMachinery]

> /home/guest/.junest/usr/bin_wrappers/sudo pacman -Syy
bwrap: setting up uid map: Permission denied
Error: Something went wrong while executing bwrap command. Exiting

❯ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description:    Ubuntu 24.04 LTS
Release:        24.04
Codename:       noble

❯ uname -a
Linux Taher 6.8.0-36-generic #36-Ubuntu SMP PREEMPT_DYNAMIC Mon Jun 10 10:49:14 UTC 2024 x86_64 x86_64 x86_64 GNU/Linux

[NightMachinery]

I solved this by:

cat << 'EOF' | sudo tee -a /etc/sysctl.d/soften.conf
kernel.apparmor_restrict_unprivileged_unconfined=0
kernel.apparmor_restrict_unprivileged_userns=0
EOF

sudo reboot

But this requires root access. Is there no way to do it without root access?

• https://ubuntu.com/blog/ubuntu-23-10-restricted-unprivileged-user-namespaces

[fsquillace]

Thanks for raising this, I am afraid that if ubuntu does not have user namespace enabled by default, a root access is needed. I am not really sure why they have done this. :/

In other ubuntu versions and majority of distros this is enabled by default.

[NightMachinery]

So it's impossible? I'll close the issue then, thanks.

[rickybrent]

I ran into the same problem -- you can enable user namespaces just for junest like this (at the default install location):

cat << 'EOF' | sudo tee /etc/apparmor.d/junest | sudo apparmor_parser -a
abi <abi/4.0>,
include <tunables/global>

profile junest @{HOME}/.opt/junest/bin/junest flags=(unconfined) {
  userns,
}
EOF

... though this does still require root.

[contrarybaton60]

linuxmint/mint22-beta#82