--build-shell: bwrap: No permissions to creating new namespace,

Open 2-www opened this issue 1 year ago • 5 comments

Checklist

  • [X] I agree to follow the Code of Conduct that this project adheres to.
  • [X] I have searched the issue tracker for a bug that matches the one I want to file, without success.

flatpak-builder version

1.3.1

Flatpak version

1.14.4

How to reproduce

manifest.yaml:

app-id: org.example.App
runtime: org.freedesktop.Platform
runtime-version: "22.08"
sdk: org.freedesktop.Sdk
modules:
- name: example
  no-autogen: true
  buildsystem: simple
  build-commands: []

commands:

flatpak run org.flatpak.Builder --force-clean build-dir manifest.yaml
flatpak run org.flatpak.Builder --build-shell=example build-dir manifest.yaml

Expected Behavior

it opens a shell

Actual Behavior

bwrap: No permissions to creating new namespace, likely because the kernel does not allow non-privileged user namespaces. On e.g. debian this can be enabled with 'sysctl kernel.unprivileged_userns_clone=1'.

Additional Information

the kernel allows unprivileged userns:

$ /sbin/sysctl kernel.unprivileged_userns_clone
kernel.unprivileged_userns_clone = 1

2-www, May 05 '23 22:05

this might be the cause: https://github.com/flatpak/flatpak/commit/23ec4eda2f52e1570e2296061f9fd4763d7e3721

2-www, May 06 '23 12:05

flatpak 1.14.4 doesn't contain this commit (no flatpak release does yet).

Erick555, May 06 '23 13:05

what's the output of: sysctl user.max_user_namespaces?

Erick555, May 06 '23 13:05

> what's the output of: sysctl user.max_user_namespaces?

user.max_user_namespaces = 62211

2-www, May 06 '23 15:05

yes, sorry, should have checked https://salsa.debian.org/debian/flatpak/-/blob/debian/bookworm/common/flatpak-run.c first, there's nothing like that there. what else could it be...

2-www, May 06 '23 15:05
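
Added example, not part of the thread and not flatpak-builder code: a shell diagnostic that reads the two sysctls checked above and then actually tries to create a user namespace, to tell "disabled by sysctl" apart from "allowed by sysctl but refused anyway", which is the state reported in this issue. The function names and verdict strings are made up for this example; `unshare` is the util-linux tool. Run it in the same environment in which the failing bwrap is started.

```shell
#!/bin/sh
# Added diagnostic (hypothetical helper names, not from the project):
# compare what the sysctls say with what the kernel permits this process.

# read_sysctl NAME -> prints the value, or "absent" if the knob is missing.
# kernel.unprivileged_userns_clone is a Debian/Ubuntu kernel patch, so
# "absent" is normal on other distributions.
read_sysctl() {
    f="/proc/sys/$(printf '%s' "$1" | tr . /)"
    if [ -r "$f" ]; then cat "$f"; else echo absent; fi
}

# classify CLONE MAX RC -> one-word verdict.
#   CLONE: kernel.unprivileged_userns_clone (0, 1 or absent)
#   MAX:   user.max_user_namespaces (integer or absent)
#   RC:    exit status of a real attempt to create a user namespace
classify() {
    if [ "$3" -eq 0 ]; then echo ok; return; fi
    if [ "$1" = 0 ]; then echo disabled-by-sysctl; return; fi
    if [ "$2" = 0 ]; then echo limit-is-zero; return; fi
    # Both knobs allow it, yet the attempt failed: the situation in this
    # issue. The refusal comes from something other than these two sysctls.
    echo blocked-elsewhere
}

main() {
    clone=$(read_sysctl kernel.unprivileged_userns_clone)
    max=$(read_sysctl user.max_user_namespaces)
    echo "kernel.unprivileged_userns_clone = $clone"
    echo "user.max_user_namespaces = $max"
    if ! command -v unshare >/dev/null 2>&1; then
        echo "unshare(1) not found; cannot test namespace creation"
        return 0
    fi
    # Real attempt: create a user namespace and run a no-op inside it.
    rc=0
    unshare --user true 2>/dev/null || rc=$?
    echo "unshare --user exit status = $rc"
    echo "verdict: $(classify "$clone" "$max" "$rc")"
    return 0
}

main
```

A `blocked-elsewhere` verdict inside the builder's environment together with `ok` on the host shows that the restriction is applied to that environment rather than system-wide.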