
Yocto Linux build fails on Ubuntu 24.04 (cannot write to /proc/self/uid_map)

Published 2024/05/01

Background

Trying to build Yocto Linux (nanbield) on Ubuntu 24.04 fails with the following error.

tomoki@akane:~/poky/build$ bitbake core-image-sato
WARNING: Host distribution "ubuntu-24.04" has not been validated with this version of the build system; you may possibly experience unexpected failures. It is recommended that you use a tested distribution.
Loading cache: 100% |####################################################################################################################| Time: 0:00:00
Loaded 1844 entries from dependency cache.
NOTE: Resolving any missing task queue dependencies

Build Configuration:
BB_VERSION           = "2.6.0"
BUILD_SYS            = "x86_64-linux"
NATIVELSBSTRING      = "universal"
TARGET_SYS           = "x86_64-poky-linux"
MACHINE              = "qemux86-64"
DISTRO               = "poky"
DISTRO_VERSION       = "4.3.4"
TUNE_FEATURES        = "m64 core2"
TARGET_FPU           = ""
meta                 
meta-poky            
meta-yocto-bsp       = "my-nanbield:7b8aa378d069ee31373f22caba3bd7fc7863f447"

Initialising tasks: 100% |###############################################################################################################| Time: 0:00:03
Sstate summary: Wanted 4298 Local 0 Mirrors 0 Missed 4298 Current 33 (0% match, 0% complete)
NOTE: Executing Tasks
ERROR: PermissionError: [Errno 1] Operation not permitted

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/home/tomoki/poky/bitbake/bin/bitbake-worker", line 276, in child
    bb.utils.disable_network(uid, gid)
  File "/home/tomoki/poky/bitbake/lib/bb/utils.py", line 1693, in disable_network
    with open("/proc/self/uid_map", "w") as f:
PermissionError: [Errno 1] Operation not permitted

This issue is tracked at https://bugs.launchpad.net/ubuntu/+source/dash/+bug/2056555 (a comment has also been left upstream).

Solution

Checking dmesg shows that AppArmor is reporting a denial like the following:

[ 2229.188009] audit: type=1400 audit(1714466038.573:555): apparmor="DENIED" operation="capable" class="cap" profile="unprivileged_userns" pid=20223 comm="texinfo-dummy-n" capability=21  capname="sys_admin"

So disabling the corresponding policy resolves the problem.

$ sudo apparmor_parser -R /etc/apparmor.d/unprivileged_userns 
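
To confirm that a host is hitting this same denial, the following added example (not part of the original post) parses kernel log text for AppArmor `DENIED` audit records and checks for the `unprivileged_userns` / `sys_admin` case shown above. The sample log is constructed: its first line is the denial quoted on this page and the other two are made up; all function names are hypothetical.

```python
import re
import sys
from collections import Counter

# Constructed sample: line 1 is the denial quoted on this page,
# lines 2-3 are made-up records that must be filtered out.
SAMPLE_LOG = '''\
[ 2229.188009] audit: type=1400 audit(1714466038.573:555): apparmor="DENIED" operation="capable" class="cap" profile="unprivileged_userns" pid=20223 comm="texinfo-dummy-n" capability=21  capname="sys_admin"
[ 2229.190000] audit: type=1400 audit(1714466038.575:556): apparmor="STATUS" operation="profile_load" profile="unconfined" name="example" pid=1 comm="apparmor_parser"
[ 2230.000000] usb 1-1: new high-speed USB device number 2 using xhci_hcd
'''

# Audit records carry key="quoted value" or key=bare_value pairs.
FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_denials(text):
    """Return one dict of fields per AppArmor DENIED audit record."""
    denials = []
    for line in text.splitlines():
        if "audit:" not in line or 'apparmor="DENIED"' not in line:
            continue
        record = line.split("audit:", 1)[1]
        denials.append({k: (q or b) for k, q, b in FIELD_RE.findall(record)})
    return denials


def summarize(denials):
    """Count denials per (profile, operation, capability or object name)."""
    return Counter(
        (d.get("profile", "?"), d.get("operation", "?"),
         d.get("capname") or d.get("name", "?"))
        for d in denials
    )


def userns_blocked(denials):
    """True if any denial matches the failure described on this page."""
    return any(d.get("profile") == "unprivileged_userns"
               and d.get("capname") == "sys_admin" for d in denials)


if __name__ == "__main__":
    # Usage: sudo dmesg | python3 this_script.py  (no pipe: uses the sample)
    text = SAMPLE_LOG if sys.stdin.isatty() else sys.stdin.read()
    found = parse_denials(text)
    for (profile, op, what), n in summarize(found).items():
        print(f"{n:4d}  profile={profile} operation={op} target={what}")
    print("unprivileged_userns sys_admin denial seen:", userns_blocked(found))
```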
