You are not logged in.
- Topics: Active | Unanswered
#1 2025-01-20 11:03:40
- D3vil0p3r
- Member
- Registered: 2022-11-05
- Posts: 205
Deal with landlock error without using DisableSandbox option
I am using a very minimal Arch Linux containerized environment and during "pacman -Syy", I get the landlock error:
:: Synchronizing package databases...
core 116.1 KiB 276 KiB/s 00:00 [#####################################################################] 100%
extra 7.5 MiB 666 KiB/s 00:12 [#####################################################################] 100%
multilib 130.8 KiB 276 KiB/s 00:00 [#####################################################################] 100%
error: restricting filesystem access failed because the landlock ruleset could not be applied!The system is fully updated and landlock is enabled on the kernel as shown in:
zgrep CONFIG_SECURITY_LANDLOCK /proc/config.gz
CONFIG_SECURITY_LANDLOCK=yand it is using Linux LTS kernel:
uname -a
Linux d0c15343114d 6.6.72-1-lts #1 SMP PREEMPT_DYNAMIC Fri, 17 Jan 2025 14:04:26 +0000 x86_64 GNU/LinuxI would avoid to use "DisableSandbox" option in "pacman.conf".
How can we solve this error by keeping landlock enabled?
Offline
#2 2025-01-20 11:19:58
- gromit
- Administrator
- From: Germany
- Registered: 2024-02-10
- Posts: 1,523
- Website
Re: Deal with landlock error without using DisableSandbox option
Is this in some containerized or chroot environment?
Offline
#3 2025-01-20 21:31:59
- D3vil0p3r
- Member
- Registered: 2022-11-05
- Posts: 205
Re: Deal with landlock error without using DisableSandbox option
Docker container
Offline
#4 2025-01-20 21:39:02
- loqs
- Member
- Registered: 2014-03-06
- Posts: 18,868
Re: Deal with landlock error without using DisableSandbox option
If the kernel does not support landlock the error will be:
error: restricting filesystem access failed because landlock is not supported by the kernel!Edit:
https://github.com/opencontainers/runti … /pull/1241
Last edited by loqs (2025-01-20 21:42:02)
Offline