Vasily Galkin created an issue:
Summary
Since several days ago at least some gitlab runners tagged with "flatpak" are actully unable execute flatpak-builder or flatpack run on image: registry.gitlab.gnome.org/gnome/gnome-runtime-images/gnome:master.
The error message appered is bwrap: Creating new namespace failed.
Servers are different - flatpak-gcc176-osuosl.org and flatpak-gcc150.osuosl.org
Steps to reproduce
For example see https://gitlab.gnome.org/GNOME/epiphany/-/jobs/613861 and https://gitlab.gnome.org/GNOME/meld/-/jobs/614992
For epiphany the flatpak tag is used for selecting flatpak-capable runners is inherited from https://gitlab.gnome.org/GNOME/citemplates/raw/master/flatpak/flatpak_ci_initiative.yml
For meld it was explicitely added to run some extra tests in ready-to-use org.gnome.Sdk flatpak environment instead of redownloading needed gnome packages on every build.
What is the current bug behavior?
Gitlab job failes. Same pipelines used to work fine neraly 1 week ago. The flatpak command executed fine (maybe dockers were privileged).
What is the expected correct behavior?
The most expected solution would be flatpak commands works fine with image: registry.gitlab.gnome.org/gnome/gnome-runtime-images/gnome:master used on gitlab runner with flatpak gitlab.
Relevant logs and/or screenshots
Copies from the links above for the case if jobs would be deleted.
https://gitlab.gnome.org/GNOME/epiphany/-/jobs/613861
Cc-ing as in default template and maintainer of meld - to inform that the issue failing meld's pipeline is discussed here.
Running with gitlab-runner 12.7.1 (003fe500)
on flatpak-gcc176-osuosl.org 9yoQTy2e
Using Docker executor with image registry.gitlab.gnome.org/gnome/gnome-runtime-images/gnome:master ...
00:04
Authenticating with credentials from job payload (GitLab Registry)
Pulling docker image registry.gitlab.gnome.org/gnome/gnome-runtime-images/gnome:master ...
Using docker image sha256:6da8efd686834939ee0378e8ff03e84e045e8143093cb86c20e0ae4f47774f80 for registry.gitlab.gnome.org/gnome/gnome-runtime-images/gnome:master ...
Running on runner-9yoQTy2e-project-1906-concurrent-0 via gcc176.bak.milne.osuosl.org...
00:02
Fetching changes...
00:14
Initialized empty Git repository in /builds/GNOME/epiphany/.git/
Created fresh repository.
From https://gitlab.gnome.org/GNOME/epiphany
* [new ref] refs/pipelines/157263 -> refs/pipelines/157263
* [new branch] abderrahim/flat-manager-locale-fix -> origin/abderrahim/flat-manager-locale-fix
* [new branch] bilelmoussaoui/wip-elementary-flatpak -> origin/bilelmoussaoui/wip-elementary-flatpak
* [new branch] gnome-2-10 -> origin/gnome-2-10
...
* [new tag] WEBCORE_BRANCHPOINT -> WEBCORE_BRANCHPOINT
* [new tag] WEBKIT_BRANCHPOINT -> WEBKIT_BRANCHPOINT
* [new tag] XULRUNNER_BRANCHPOINT -> XULRUNNER_BRANCHPOINT
* [new tag] actual-2.29.6 -> actual-2.29.6
* [new tag] gnome-2-8-branchpoint -> gnome-2-8-branchpoint
* [new tag] help -> help
* [new tag] pre-gnome-2-10-branchpoint -> pre-gnome-2-10-branchpoint
Checking out 3f7e0919 as master...
Skipping Git submodules setup
Checking cache for flatpak-master...
00:02
No URL provided, cache will not be downloaded from shared cache server. Instead a local version of cache will be extracted.
Successfully extracted cache
Authenticating with credentials from job payload (GitLab Registry)
00:06
$ flatpak-builder --user --disable-rofiles-fuse --stop-at=${FLATPAK_MODULE} flatpak_app ${MANIFEST_PATH}
Downloading sources
Initialized empty Git repository in /builds/GNOME/epiphany/.flatpak-builder/git/https_gitlab.gnome.org_GNOME_libdazzle.git-A23OG0/
Fetching git repo https://gitlab.gnome.org/GNOME/libdazzle.git, ref refs/heads/master
From https://gitlab.gnome.org/GNOME/libdazzle
* [new branch] master -> master
Initialized empty Git repository in /builds/GNOME/epiphany/.flatpak-builder/git/https_source.puri.sm_Librem5_libhandy.git-B5JEG0/
Fetching git repo https://source.puri.sm/Librem5/libhandy.git, ref refs/heads/libhandy-0-0
From https://source.puri.sm/Librem5/libhandy
* [new branch] libhandy-0-0 -> libhandy-0-0
Stopping at module epiphany
Initializing build dir
Committing stage init to cache
Starting build of org.gnome.Epiphany.Devel
========================================================================
Building module libdazzle in /builds/GNOME/epiphany/.flatpak-builder/build/libdazzle-1
========================================================================
Already on 'master'
bwrap: Creating new namespace failed, likely because the kernel does not support user namespaces. bwrap must be installed setuid on such systems.
Error: module libdazzle: Child process exited with code 1
Uploading artifacts...
00:03
WARNING: epiphany-git.flatpak: no matching files
WARNING: repo.tar: no matching files
WARNING: _build/meson-logs/meson-log.txt: no matching files
WARNING: _build/meson-logs/testlog.txt: no matching files
ERROR: No files to upload
ERROR: Job failed: exit code 1
https://gitlab.gnome.org/GNOME/meld/-/jobs/614992
Running with gitlab-runner 12.7.1 (003fe500) on flatpak-gcc150.osuosl.org 6YeWJmgw Using Docker executor with image registry.gitlab.gnome.org/gnome/gnome-runtime-images/gnome:master ... 02:56 Authenticating with credentials from job payload (GitLab Registry) Pulling docker image registry.gitlab.gnome.org/gnome/gnome-runtime-images/gnome:master ... Using docker image sha256:667561e8bea05915551a8b945be0e70afeded970144db9f6ed84d959fd851fc2 for registry.gitlab.gnome.org/gnome/gnome-runtime-images/gnome:master ... Running on runner-6YeWJmgw-project-301-concurrent-0 via gcc150.bak.milne.osuosl.org... 00:01 Fetching changes... 00:05 Initialized empty Git repository in /builds/GNOME/meld/.git/ Created fresh repository. From https://gitlab.gnome.org/GNOME/meld * [new ref] refs/pipelines/157539 -> refs/pipelines/157539 * [new branch] Python3 -> origin/Python3 * [new branch] VersionControlRework -> origin/VersionControlRework * [new branch] branch-0_9 -> origin/branch-0_9 * [new branch] master -> origin/master ... * [new tag] release-1_4_0 -> release-1_4_0 * [new tag] split-0_9 -> split-0_9 Checking out 27effd94 as master... Skipping Git submodules setup Authenticating with credentials from job payload (GitLab Registry) 00:02 $ flatpak run --share=network --filesystem=`pwd` --env=PATH=$PATH:/var/data/python/bin --command=sh org.gnome.Sdk -c 'pip3 install --user -r dev-requirements.txt; $PYTHON_CHECK_COMMAND' bwrap: Creating new namespace failed, likely because the kernel does not support user namespaces. bwrap must be installed setuid on such systems. error: ldconfig failed, exit status 256 ERROR: Job failed: exit code 1
/cc @averi @barthalion @kaiw