克隆构建器进程:使用 Nix(Linux 下)更新通道时不允许操作

tag-icon tag-icon nix nixpkgs
克隆构建器进程:使用 Nix(Linux 下)更新通道时不允许操作

我使用 Arch Linux 4.19.15-1-lts #1 SMP Sun Jan 13 13:53:52 CET 2019 x86_64 GNU/Linux。我也安装了 Nix:nix-env (Nix) 2.2

在最近更新版本之前,我从未遇到过任何问题2.2。我总是按照以下两个步骤进行升级/更新:

$ nix-channel --update
...
$ nix-env --upgrade
...

...但是在最近的2.2更新之后我再也找不到nix-channel --update工作的方法了。我总是收到这些错误:

error: cloning builder process: Operation not permitted
error: unable to start build process
error: program '/nix/store/876x7a35qbn3q062b6zcz6va88m0990d-nix-2.2/bin/nix-env' failed with exit code 1

...即使我回滚之前的操作:

$ nix-channel --update 
unpacking channels...
error: cloning builder process: Operation not permitted
error: unable to start build process
error: program '/nix/store/876x7a35qbn3q062b6zcz6va88m0990d-nix-2.2/bin/nix-env' failed with exit code 1
$ nix-channel --rollback 
switching from generation 40 to 39
$ nix-channel --update 
unpacking channels...
error: cloning builder process: Operation not permitted
error: unable to start build process
error: program '/nix/store/876x7a35qbn3q062b6zcz6va88m0990d-nix-2.2/bin/nix-env' failed with exit code 1

这是我在更新列表中的内容:

$ nix-channel --list 
nixpkgs https://nixos.org/channels/nixpkgs-unstable

...最终我什至无法删除它:

$ nix-channel --remove nixpkgs 
uninstalling 'nixpkgs-19.03pre165281.7d864c6bd63'
error: cloning builder process: Operation not permitted
error: unable to start build process
error: program '/nix/store/876x7a35qbn3q062b6zcz6va88m0990d-nix-2.2/bin/nix-env' failed with exit code 1

我想避免重新安装。

更新

我已经等不及了!哦:)

我继续并删除了当前安装...当我进行全新安装时,我基本上得到了相同的结果:

$ sh <(curl https://nixos.org/nix/install) --no-daemon 
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  2476  100  2476    0     0   5417      0 --:--:-- --:--:-- --:--:--  5406
downloading Nix 2.2.1 binary tarball for x86_64-linux from 'https://nixos.org/releases/nix/nix-2.2.1/nix-2.2.1-x86_64-linux.tar.bz2' to '/tmp/nix-binary-tarball-unpack.n5vqvsi4Uq'...
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100 22.5M  100 22.5M    0     0  4016k      0  0:00:05  0:00:05 --:--:-- 4377k
Note: a multi-user installation is possible. See https://nixos.org/nix/manual/#sect-multi-user-installation
performing a single-user installation of Nix...
directory /nix does not exist; creating it by running 'mkdir -m 0755 /nix && chown x80486 /nix' using sudo
[sudo] password for x80486: 
copying Nix to /nix/store.................................
initialising Nix database...
Nix: creating /home/x80486/.nix-profile
installing 'nix-2.2.1'
error: cloning builder process: Operation not permitted
error: unable to start build process
/tmp/nix-binary-tarball-unpack.n5vqvsi4Uq/unpack/nix-2.2.1-x86_64-linux/install: unable to install Nix into your default profile

...看起来,总的来说,Linux(或者特别是使用的发行版)和 Nix 发生了一些事情。

答案1

按照中的建议这条评论解决问题:

sysctl kernel.unprivileged_userns_clone=1

答案2

Nix 为克隆使用了相当多的标志,主要是分离一些linux命名空间。我预计您的系统不支持其中某些功能无特权的流程。 IIRC 一些发行版出于安全考虑而选择了这一点。

相关内容