ubuntu24 unavailable (`fork/exec /proc/self/exe: operation not permitted`)

Question

ubuntu24 unavailable (`fork/exec /proc/self/exe: operation not permitted`)

6643 opened this issue 2 months ago · comments

Description

[INFO] Checking RootlessKit functionality
[rootlesskit:parent] error: failed to start the child: fork/exec /proc/self/exe: operation not permitted
[ERROR] RootlessKit failed, see the error messages and https://rootlesscontaine.rs/getting-started/common/ .

Steps to reproduce the issue

Describe the results you received and expected

nerdctl
FATA[0000] rootless containerd not running? (hint: use containerd-rootless-setuptool.sh install to start rootless containerd): stat /run/user/1000/containerd-rootless: no such file or directory

What version of nerdctl are you using?

ubuntu24

Are you using a variant of nerdctl? (e.g., Rancher Desktop)

None

Host information

No response

Akihiro Suda · Answer 1 · Thu Jun 06 2024 13:05:19 GMT+0800 (China Standard Time)

What's your RootlessKit version?

Akihiro Suda · Answer 2 · Thu Jun 06 2024 13:07:01 GMT+0800 (China Standard Time)

Please try this

cat <<EOT | sudo tee "/etc/apparmor.d/usr.local.bin.rootlesskit"
abi <abi/4.0>,
include <tunables/global>

/usr/local/bin/rootlesskit flags=(unconfined) {
  userns,

  # Site-specific additions and overrides. See local/README for details.
  include if exists <local/usr.local.bin.rootlesskit>
}
EOT
sudo systemctl restart apparmor.service

Akihiro Suda · Answer 3 · Thu Jun 06 2024 21:12:28 GMT+0800 (China Standard Time)

This is now documented in https://rootlesscontaine.rs/getting-started/common/apparmor/

no if · Answer 4 · Tue Jun 11 2024 12:06:50 GMT+0800 (China Standard Time)

@AkihiroSuda

thank you