On Thu, 12 Mar 2020 at 17:14:12 +1100, Ian Wienand wrote:
> 7836 write(2, "No permissions to creating new namespace, likely because the
> kernel does not allow non-privileged user namespaces. On e.g. debian this can
> be enabled with 'sysctl kernel.unprivileged_userns_clone=1'.", 199
> <unfinished ...>
> ---
>
> Setting kernel.unprivileged_userns_clone = 1 made thumbnails work again.
Is /usr/bin/bwrap setuid root? If you haven't changed it, its permissions
should be something like this:
$ ls -l /usr/bin/bwrap
-rwsr-xr-x 1 root root 59680 Nov 28 11:14 /usr/bin/bwrap
It's meant to work on Debian kernels if it is setuid root *or*
if the kernel.unprivileged_userns_clone sysctl is set to 1.
smcv
