Hacking in docker: No permissions to creating new namespace - ignoring: Read-only file system
I'm trying to do https://developer.pitivi.org/HACKING.html?gi-language=undefined in a Docker image of Ubuntu 20.04 - this is how far I got:
(ptv-flatpak) user@0070be4e453d:~/pitivi-dev/pitivi_git$ ptvtests
Running in sandbox: gst-validate-launcher /home/user/pitivi-dev/pitivi_git/tests/ptv_testsuite.py --dump-on-failure
flatpak build --device=dri --env=PITIVI_DEVELOPMENT=1 --env=PYTHONUSERBASE=/app/ --env=CC=ccache gcc --env=CXX=ccache g++ --filesystem=xdg-run/gvfsd --filesystem=xdg-run/at-spi/bus --share=network --socket=pulseaudio --socket=session-bus --socket=wayland --socket=x11 --talk-name=org.freedesktop.Flatpak --env=PITIVI_REPO_DIR=/home/user/pitivi-dev/pitivi_git --env=LC_CTYPE=C.UTF-8 --env=GST_ENCODING_TARGET_PATH=/app/share/gstreamer-1.0/encoding-profiles/:/app/share/pitivi/encoding-profiles/: --env=GST_PLUGIN_SYSTEM_PATH=/app/lib/gstreamer-1.0/: --env=FREI0R_PATH=/app/lib/frei0r-1/: --env=GST_PRESET_PATH=/app/share/gstreamer-1.0/presets/:/app/share/pitivi/gstpresets/: /home/user/pitivi-dev/pitivi-prefix gst-validate-launcher /home/user/pitivi-dev/pitivi_git/tests/ptv_testsuite.py --dump-on-failure
bwrap: No permissions to creating new namespace, likely because the kernel does not allow non-privileged user namespaces. On e.g. debian this can be enabled with 'sysctl kernel.unprivileged_userns_clone=1'.
Ok, so let me try this recommended sysctl kernel.unprivileged_userns_clone=1:
(ptv-flatpak) user@0070be4e453d:~/pitivi-dev/pitivi_git$ sysctl kernel.unprivileged_userns_clone=1
sysctl: setting key "kernel.unprivileged_userns_clone", ignoring: Read-only file system
(ptv-flatpak) user@0070be4e453d:~/pitivi-dev/pitivi_git$ sudo sysctl kernel.unprivileged_userns_clone=1
[sudo] password for user:
sysctl: setting key "kernel.unprivileged_userns_clone", ignoring: Read-only file system
Well... no dice :(
What do I do here?
EDIT: if I run this with the administrator user of the docker image, that is via sudo su, I get instead:
bwrap: Creating new namespace failed: Operation not permitted
Edited by sdbbs