I’m trying to compile tor-browser on Manjaro ARM, and it needs kernel userspaces to be enabled.
According to ArchLinux documentation « The Arch linux, linux-lts and linux-zen kernel packages currently provide out-of-the-box support for unprivileged containers. Similarly, with the linux-hardened package, unprivileged containers are only available for the system administrator; with additional kernel configuration changes required, as user namespaces are disabled by default for normal users there. »
However, trying to check for kernel userspaces on:
A Pinebook Pro, kernel 6.0.0-2-MANJARO-ARM
A Raspberry Pi 4, kernel 5.15.72-1-MANJARO-ARM-RPI
I get on both:
❯ sysctl kernel.unprivileged_userns_clone
sysctl: cannot stat /proc/sys/kernel/unprivileged_userns_clone: No such file or directory
Furthermore, on the Pinebook Pro:
❯ zgrep CONFIG_USER_NS /proc/config.gz
CONFIG_USER_NS=y
But on the Pi the kernel config seems to be absent:
❯ zgrep CONFIG_USER_NS /proc/config.gz
gzip: /proc/config.gz: No such file or directory
However, it seems that on the Pinebook Pro the kernel is compiled with user namespaces support, but I cannot enable it using sysctl as it seems the control files in /proc are missing.
It would seem that something is missing to get that file to be created.
Any idea what it could be? We are willing to enable it, if we know what is needed, as long as it does not break anything else.
Well, yes I’m sure something is missing in the kernel, as on x86 Manjaro I get the /proc/sys/kernel/unprivileged_userns_clone entry, and on ARM I don’t…
Both on kernels 6.0.2 and after having “modprobe configs” of course.
/proc/sys/kernel files reflect kernel available features, so that makes little doubt to me.
About testing, when I try to build tor-browser on ARM it fails starting the userspace container with messages clearly stating unavailable features, while on x86 this part works (well it fails elsewhere, but that’s another issue).
Both machines being the same OS and having the same packages installed.
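
A diagnostic for the checks discussed in this thread, as an added example that is not part of any post above: it combines the CONFIG_USER_NS lookup, the two sysctls and a live `unshare` test into one verdict, and falls back to /proc/self/ns/user when /proc/config.gz is missing (the Raspberry Pi case). It treats a missing kernel.unprivileged_userns_clone as "no toggle present", since that sysctl is added by an out-of-tree patch and is not part of mainline Linux; the function names and the `--report` flag are made up for this example.

```shell
#!/bin/sh
# Added example (not from the thread): tell "kernel lacks user namespaces"
# apart from "kernel has them but exposes no distro toggle".

# Was the kernel built with CONFIG_USER_NS? Falls back to /proc/self/ns/user,
# which only exists on such kernels, when /proc/config.gz is not available.
kernel_has_userns() {
    if [ -r /proc/config.gz ]; then
        if zcat /proc/config.gz | grep -q '^CONFIG_USER_NS=y'; then echo y; else echo n; fi
    elif [ -e /proc/self/ns/user ]; then echo y
    elif [ -d /proc/self/ns ]; then echo n
    else echo unknown
    fi
}

# classify_userns CONFIG CLONE MAXNS
#   CONFIG: y | n | unknown       (result of kernel_has_userns)
#   CLONE:  0 | 1 | absent        (kernel.unprivileged_userns_clone)
#   MAXNS:  integer | absent      (user.max_user_namespaces)
# kernel.unprivileged_userns_clone comes from an out-of-tree patch, so
# "absent" is treated as "no extra restriction", not as "disabled".
classify_userns() {
    if   [ "$1" = n ]; then echo unsupported
    elif [ "$2" = 0 ]; then echo disabled-by-clone-sysctl
    elif [ "$3" = 0 ]; then echo disabled-by-max-limit
    elif [ "$1" = y ]; then echo enabled
    else echo unknown
    fi
}

# Live check: can the current (unprivileged) user create a user namespace?
probe_userns() {
    if unshare -U true 2>/dev/null; then echo works; else echo fails; fi
}

userns_report() {
    clone=$(cat /proc/sys/kernel/unprivileged_userns_clone 2>/dev/null || echo absent)
    maxns=$(cat /proc/sys/user/max_user_namespaces 2>/dev/null || echo absent)
    config=$(kernel_has_userns)
    echo "CONFIG_USER_NS=$config clone_sysctl=$clone max_user_namespaces=$maxns"
    echo "verdict: $(classify_userns "$config" "$clone" "$maxns")"
    echo "unshare -U true: $(probe_userns)"
}

if [ "${1:-}" = "--report" ]; then userns_report; fi
```

Run it with `--report` as the same unprivileged user that performs the build, since the live `unshare` result depends on who runs it.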