Docs: Add Ubuntu 24.04 fix instructions #3721
@orblivion Can you review this PR?
user namespaces. You can run the following commands to correct this: | ||
|
||
```bash | ||
sudo echo "kernel.apparmor_restrict_unprivileged_userns = 0" > /etc/sysctl.d/99-userns.conf |
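Review bot: The `>` redirect on the `sudo echo` line is opened by the invoking shell before `sudo` starts, so only `echo` is elevated and the write into /etc/sysctl.d fails for a non-root user. Piping into an elevated writer keeps the one-line form: `echo "kernel.apparmor_restrict_unprivileged_userns = 0" | sudo tee /etc/sysctl.d/99-userns.conf`. Either form replaces an existing file of that name, so a filename specific to this project is safer than the generic `99-userns.conf`.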
Did you actually run this successfully? I think the `sudo` powers wear off when you hit the `>` token:
sudo echo "test" > /etc/test-test-test
bash: /etc/test-test-test: Permission denied
Also how comfortable are you with `99-userns` being unique enough? That line (once permissions are fixed) would overwrite anything the user might have had there if they happened to have the same filename.
I can do some testing with our VPS demo. Maybe we should change it to sandstorm-userns.conf or something so it's extremely unique?
Maybe wouldn't hurt to link to that security implications page from this solution.
Testing as far as the permissions error? If that's what you mean, you can
confirm what I mean on any Linux system.
If "sandstorm" is in the name I would think that's plenty unique. And it
signals that it's supposed to be a new file specific to what we're doing.
…On Thu, Nov 21, 2024 at 5:12 PM Jacob Weisz ***@***.***> wrote:
***@***.**** commented on this pull request.
------------------------------
In docs/administering/install-troubleshooting.md
<#3721 (comment)>
:
> @@ -129,6 +129,18 @@ sudo service sandstorm restart
This should resolve your problems. If not, please get in touch.
+## Are grains not starting on Ubuntu 24.04 or later?
+
+If your wildcard DNS is configured correctly, you should see the app icons correctly on the apps tab. If
+grains are not starting, and you are on Ubuntu 24.04 or later, AppArmor may be restricting unpriviliged
+user namespaces. You can run the following commands to correct this:
+
+```bash
+sudo echo "kernel.apparmor_restrict_unprivileged_userns = 0" > /etc/sysctl.d/99-userns.conf
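Review bot: "unpriviliged" in the added paragraph should be "unprivileged". The paragraph also tells the reader to set `kernel.apparmor_restrict_unprivileged_userns = 0` without saying that a sysctl applies to the whole host, so the AppArmor restriction is switched off for every unprivileged process and not only for Sandstorm; one sentence stating that, with a link to an explanation of the restriction, would let an administrator decide knowingly.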
I can do some testing with our VPS demo. Maybe we should change it to
sandstorm-userns.conf or something so it's extremely unique?
I am sure you are right, but clearly I should go do this on an Ubuntu 24.04 system and make sure I end up with working instructions before I update this PR. =) The other troubleshooting steps on the page didn't assume we already had root, so I figure we should not assume that as well.
So... my test box I cannot not be root. :| Research tells me @orblivion Can you confirm that?
96d1ed5 to 5ddea55
The command works, though don't forget the 99 (I don't know what it's there for but they all seem to have numbers)
I read that it could be anything ending with .conf, and I did test with this filename on Ubuntu 24.04. I do not know why they start with numbers traditionally either.
Does this updated note suffice for mergeability? Apparently the number scheme is just a convenience for ordering: https://unix.stackexchange.com/questions/570770/what-does-the-number-in-sysctl-configuration-file-denote But in the case of using "99-" it serves the same purpose as just naming the file starting with "sandstorm-"... it's processed last alphabetically. IMHO, I'd rather be fully descriptive in the filename, i.e. sandstorm-userns over 99-sandstorm or 99-userns which is less clear what it's for or what it does.
+1
We've had a bunch of people have weird reports of issues with Ubuntu 24.04, and so far this has been the solution to all of them. I think we should codify it in the documentation page.
@Michael-S found this solution, and deserves all the credit.