Posts by [AF>Libristes] Kao

1) Message boards : Theory Application : Error: Failed to Unshare remaining namespaces (Message 50677) Posted 1 Oct 2024 by [AF>Libristes] Kao Post: Well I've found out what's happening. I also have docker on that machine. Which is using, I assume, a custom version of runc that, for whatever reason, does not work with LHC apps. Is there a way to force LHC to NOT use the local runc?
2) Message boards : Theory Application : Error: Failed to Unshare remaining namespaces (Message 50675) Posted 1 Oct 2024 by [AF>Libristes] Kao Post: I already had issues on the 28th : https://lhcathome.cern.ch/lhcathome/result.php?resultid=414588095 That's why I don't understand why it started to work and then to not work again. I will try what you are proposing tonight. In the event it does not work are you saying I should try to install runc 1.12? The only thing I did to runc was using apt update. So if Ubuntu's repo have bad versions... rip
3) Message boards : Theory Application : Error: Failed to Unshare remaining namespaces (Message 50668) Posted 30 Sep 2024 by [AF>Libristes] Kao Post: GNU nano 7.2 /usr/lib/systemd/system/boinc-client.service [Unit] Description=Berkeley Open Infrastructure Network Computing Client Documentation=man:boinc(1) Wants=vboxdrv.service After=vboxdrv.service network-online.target [Service] Type=simple ProtectHome=true ProtectSystem=full ProtectControlGroups=true ReadWritePaths=-/var/lib/boinc -/etc/boinc-client Nice=10 User=boinc WorkingDirectory=/var/lib/boinc ExecStart=/usr/bin/boinc ExecStop=/usr/bin/boinccmd --quit ExecReload=/usr/bin/boinccmd --read_cc_config ExecStopPost=/bin/rm -f lockfile IOSchedulingClass=idle # The following options prevent setuid root as they imply NoNewPrivileges=true # Since Atlas requires setuid root, they break Atlas # In order to improve security, if you're not using Atlas, # Add these options to the [Service] section of an override file using # sudo systemctl edit boinc-client.service #NoNewPrivileges=true #ProtectKernelModules=true #ProtectKernelTunables=true #RestrictRealtime=true #RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX #RestrictNamespaces=true #PrivateUsers=true #CapabilityBoundingSet= #MemoryDenyWriteExecute=true #PrivateTmp=true #Block X11 idle detection [Install] WantedBy=multi-user.target Here is the boinc-client service
4) Message boards : Theory Application : Error: Failed to Unshare remaining namespaces (Message 50666) Posted 30 Sep 2024 by [AF>Libristes] Kao Post: Hi, I'm getting a "failed to unshare remaining namespaces" error on some native tasks but not all of them. Here is one that failed: https://lhcathome.cern.ch/lhcathome/result.php?resultid=414634007 Here is one that succeeded: https://lhcathome.cern.ch/lhcathome/result.php?resultid=414604581 I'm not sure to understand what's happening, and i've tried everything i had in mind for fixing this. Including the "kernel.unprivileged_userns_clone = 1" kernel setting. The machine is running ubuntu 24.04 Thanks for your help

LHC@home