Can't install Nix 2.2.1 on clean Ubuntu 18.04 (error: cloning builder process: Operation not permitted) #2636

Open
thomasjm opened this issue Jan 17, 2019 · 14 comments
@thomasjm
Contributor

I'm trying to install Nix using the latest install script in Docker, via the simple Dockerfile below. This works fine with Nix 2.1.3 but now it doesn't work with Nix 2.2.1. I saw #1625 but for me the failure is even earlier than in that issue--the install script doesn't even succeed.

FROM ubuntu:18.04

RUN apt-get update
RUN apt-get install -y curl

RUN mkdir /nix
RUN chmod a+rwx /nix

RUN adduser user --home /home/user --disabled-password --gecos "" --shell /bin/bash
USER user
ENV USER user
WORKDIR /home/user

RUN curl https://nixos.org/nix/install | sh

Here's the full error:

  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100 22.5M  100 22.5M    0     0  4152k      0  0:00:05  0:00:05 --:--:-- 4854k
performing a single-user installation of Nix...
copying Nix to /nix/store.................................
initialising Nix database...
Nix: creating /home/user/.nix-profile
installing 'nix-2.2.1'
error: cloning builder process: Operation not permitted
error: unable to start build process
/tmp/nix-binary-tarball-unpack.hqawN4uSPr/unpack/nix-2.2.1-x86_64-linux/install: unable to install Nix into your default profile
@bbarker

bbarker commented Jan 17, 2019

I'm getting the same results on Ubuntu 18.04; last working nix version is 2.1.3 for me as well.

@LnL7
Member

LnL7 commented Jan 17, 2019

Sandboxing doesn't work in unprivileged containers.

@bbarker

bbarker commented Jan 17, 2019

@LnL7 Hmm, this happens during docker build. I had thought it was privileged, but apparently not. I'll look into that linked issue for more ideas on how to maybe get around this - have to switch gears for now.

Also, when I run the container, I do use --privileged, so after it builds, it should work (I guess...).

@LnL7
Member

LnL7 commented Jan 17, 2019

If sandboxing is something you don't care about it can be disabled (like the default on <2.2).

FROM ubuntu:18.04

RUN apt-get update \
 && apt-get install -y curl \
 && mkdir -p /nix /etc/nix \
 && chmod a+rwx /nix \
 && echo 'sandbox = false' > /etc/nix/nix.conf

RUN adduser user --home /home/user --disabled-password --gecos "" --shell /bin/bash
CMD /bin/bash -l
USER user
ENV USER user
WORKDIR /home/user

RUN touch .bash_profile \
 && curl https://nixos.org/releases/nix/nix-2.2.1/install | sh

@matthewbauer
Member

Maybe Nix should by default fall back to sandbox=false when unprivileged user namespaces are disabled?

related to #2404

@asbachb

asbachb commented Jan 25, 2019

Normally you should avoid that a software is doing something else than expected.
I guess a better option would be to print a note on how to handle the situation, e.g. by adding a flag and/or a reference to what the problem is.

@mmequignon

I have exactly the same issue on Debian Sid:

$ curl https://nixos.org/nix/install | sh
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  2476  100  2476    0     0   6783      0 --:--:-- --:--:-- --:--:--  6783
downloading Nix 2.2.1 binary tarball for x86_64-linux from 'https://nixos.org/releases/nix/nix-2.2.1/nix-2.2.1-x86_64-linux.tar.bz2' to '/tmp/nix-binary-tarball-unpack.tQ8lssOHCF'...
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100 22.5M  100 22.5M    0     0  1247k      0  0:00:18  0:00:18 --:--:-- 1464k
Note: a multi-user installation is possible. See https://nixos.org/nix/manual/#sect-multi-user-installation
performing a single-user installation of Nix...
directory /nix does not exist; creating it by running 'mkdir -m 0755 /nix && chown matthieu /nix' using sudo
[sudo] Mot de passe de matthieu : 
copying Nix to /nix/store.................................
initialising Nix database...
Nix: creating /home/matthieu/.nix-profile
installing 'nix-2.2.1'
error: cloning builder process: Operation not permitted
error: unable to start build process
/tmp/nix-binary-tarball-unpack.tQ8lssOHCF/unpack/nix-2.2.1-x86_64-linux/install: unable to install Nix into your default profile

kamilchm added a commit to kamilchm/go2nix that referenced this issue Feb 15, 2019
f-f added a commit to f-f/docker-haskell-lavello that referenced this issue May 5, 2019
@kadogo

kadogo commented Jun 3, 2019

Same issue for me on Debian Stretch

$ curl https://nixos.org/nix/install | sh
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  2476  100  2476    0     0   8804      0 --:--:-- --:--:-- --:--:--  8811
downloading Nix 2.2.2 binary tarball for x86_64-linux from 'https://nixos.org/releases/nix/nix-2.2.2/nix-2.2.2-x86_64-linux.tar.bz2' to '/tmp/nix-binary-tarball-unpack.9IltnINYVj'...
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100 22.5M  100 22.5M    0     0  7307k      0  0:00:03  0:00:03 --:--:-- 7309k
Note: a multi-user installation is possible. See https://nixos.org/nix/manual/#sect-multi-user-installation
performing a single-user installation of Nix...
directory /nix does not exist; creating it by running 'mkdir -m 0755 /nix && chown user /nix' using sudo
[sudo] Mot de passe de user : 
copying Nix to /nix/store.................................
initialising Nix database...
Nix: creating /home/user/.nix-profile
installing 'nix-2.2.2'
error: cloning builder process: Operation not permitted
error: unable to start build process
/tmp/nix-binary-tarball-unpack.9IltnINYVj/unpack/nix-2.2.2-x86_64-linux/install: unable to install Nix into your default profile

@Angr1st

Angr1st commented Jun 7, 2019

Just to chime in: I have the same issue in PureOS (Debian 10 based):

$ curl https://nixos.org/nix/install | sh
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  2476  100  2476    0     0  14312      0 --:--:-- --:--:-- --:--:-- 14312
downloading Nix 2.2.2 binary tarball for x86_64-linux from 'https://nixos.org/releases/nix/nix-2.2.2/nix-2.2.2-x86_64-linux.tar.bz2' to '/tmp/nix-binary-tarball-unpack.J2ndWcVpzX'...
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100 22.5M  100 22.5M    0     0  9016k      0  0:00:02  0:00:02 --:--:-- 9016k
Note: a multi-user installation is possible. See https://nixos.org/nix/manual/#sect-multi-user-installation
performing a single-user installation of Nix...
copying Nix to /nix/store.................................
initialising Nix database...
installing 'nix-2.2.2'
error: cloning builder process: Operation not permitted
error: unable to start build process
/tmp/nix-binary-tarball-unpack.J2ndWcVpzX/unpack/nix-2.2.2-x86_64-linux/install: unable to install Nix into your default profile

@matthewbauer
Member

You can always run:

sudo sysctl -w kernel.unprivileged_userns_clone=1

on Debian to enable userns
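
A preflight check for the failure discussed in this thread, as an added example (not code from any commenter or from the Nix installer). It reads the `kernel.unprivileged_userns_clone` knob mentioned above plus the upstream `user.max_user_namespaces` limit, then actually tries to create a user namespace, since a container can deny that even when the sysctls allow it. The function names are hypothetical.

```shell
#!/bin/sh
# Added example: preflight check for "cloning builder process: Operation not permitted".
# Function names are hypothetical; they are not part of Nix or its installer.

# Classify the sysctl knobs under a proc root (default /proc; overridable for tests).
userns_sysctl_state() {
    root=${1:-/proc}
    clone_knob="$root/sys/kernel/unprivileged_userns_clone"  # Debian knob from this thread
    max_knob="$root/sys/user/max_user_namespaces"            # upstream per-user limit
    if [ -r "$clone_knob" ] && [ "$(cat "$clone_knob")" = "0" ]; then
        echo disabled-by-userns-clone
    elif [ -r "$max_knob" ] && [ "$(cat "$max_knob")" = "0" ]; then
        echo disabled-by-max-zero
    else
        echo not-blocked-by-sysctl
    fi
}

# Functional probe: try to create a user namespace right now. This also catches
# container restrictions that the sysctls do not show.
userns_probe() {
    command -v unshare >/dev/null 2>&1 || { echo unknown; return 0; }
    if unshare -U true >/dev/null 2>&1; then echo ok; else echo denied; fi
}

# Turn both results into a note for the operator.
nix_sandbox_advice() {
    case "$1:$2" in
        disabled-by-userns-clone:*)
            echo "blocked: kernel.unprivileged_userns_clone=0; enable it via sysctl, or set 'sandbox = false' in /etc/nix/nix.conf and accept unsandboxed builds" ;;
        disabled-by-max-zero:*)
            echo "blocked: user.max_user_namespaces=0; raise it, or set 'sandbox = false' in /etc/nix/nix.conf and accept unsandboxed builds" ;;
        *:denied)
            echo "blocked: sysctls allow user namespaces but creating one failed (e.g. a container restriction)" ;;
        *:ok)
            echo "ok: user namespaces can be created; that prerequisite for sandboxed builds is met" ;;
        *)
            echo "unknown: no 'unshare' tool to probe with; sysctls do not block user namespaces" ;;
    esac
}

nix_sandbox_advice "$(userns_sysctl_state)" "$(userns_probe)"
```

Both workarounds in this thread trade isolation for a working install: `sandbox = false` lets builds run without the build sandbox, and `--privileged` removes most of the container's isolation from the host.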

@chrissound

Running into the same issue on a Hetzner VPS - no docker involved. Not sure if it's of any significance though...

@kajahno

kajahno commented Nov 29, 2019

For me what worked fine was @LnL7's Dockerfile, then passing the flag --privileged, like this:

$ docker run  -it -v $(pwd):/src -v nix-store:/nix --privileged  ubuntu-nix bash -c "you commands"

@stale

stale bot commented Feb 16, 2021

I marked this as stale due to inactivity.

@stale stale bot added the stale label Feb 16, 2021
@stale

stale bot commented Apr 29, 2022

I closed this issue due to inactivity.

@stale stale bot closed this as completed Apr 29, 2022
@thufschmitt thufschmitt reopened this Feb 24, 2023