Bug #2346

[mat2]

pisechka - almost 5 years ago - . Updated almost 5 years ago.

Status: not-a-bug
Priority: bug
Assignee:
% Done: 0%


Description

Mat2 basically works, but if I use mat2 with -L or -s then it prints:
bwrap: No permissions to creating new namespace, likely because the kernel does not allow non-privileged user namespaces. On e.g. debian this can be enabled with 'sysctl kernel.unprivileged_userns_clone=1'.
So why is /proc/sys/kernel/unprivileged_userns_clone 0 by default in the kernel? Is this for security, and is this kernel parameter really so necessary?
Could there be a problem in the package?

History

#1

Updated by freemor almost 5 years ago

  • Assignee set to freemor

It's kinda bizarre that a program that is just stripping metadata from a file would need to play with anything permission related.
It really should just basically edit the metadata out as it creates a clean version of the file.

I'll take a look when I get a minute and decide if this should be flagged to the kernel person or the package maintainer. Or if it is something that I can just fix.

#2

Updated by freemor almost 5 years ago

  • Status changed from unconfirmed to info needed

Installed mat2 from the repo. Tried the above commands with several files. Cannot reproduce the error.
Changing status to need info

Can the OP please supply steps to reproduce and, if possible, a sample file that it fails against?

#3

Updated by pisechka almost 5 years ago

freemor wrote:

Installed mat2 from the repo. Tried the above commands with several files. Cannot reproduce the error.
Changing status to need info

Can the OP please supply steps to reproduce and, if possible, a sample file that it fails against?

I don't know what I can provide. I just run mat2 -s or -L picture.png

-L:
ERROR: Something went wrong during the processing of picture.jpg: Command '['/usr/bin/bwrap', '--ro-bind', '/usr', '/usr', '--ro-bind', '/lib', '/lib', '--ro-bind', '/lib64', '/lib64', '--ro-bind', '/bin', '/bin', '--ro-bind', '/sbin', '/sbin', '--ro-bind', '/home/Test', '/home/Test', '--ro-bind', '/etc/ld.so.cache', '/etc/ld.so.cache', '--dev', '/dev', '--chdir', '/home/Test', '--unshare-all', '--new-session', '--bind', '/tmp/tmpopyoccks', '/home/Test', '--ro-bind', '/home/Test/picture.jpg', '/home/Test/picture.jpg', '/usr/bin/vendor_perl/exiftool', '-all=', '-adobe=', '-exif:all=', '-Time:All=', '-quiet', '-CommonIFD0=', '-o', 'picture.cleaned.jpg', 'picture.jpg']' returned non-zero exit status 1.

-s:
Traceback (most recent call last):
  File "/usr/bin/mat2", line 186, in <module>
    sys.exit(main())
  File "/usr/bin/mat2", line 170, in main
    show_meta(f)
  File "/usr/bin/mat2", line 72, in show_meta
    __print_meta(filename, p.get_meta())
  File "/usr/lib/python3.7/site-packages/libmat2/exiftool.py", line 23, in get_meta
    check=True, stdout=subprocess.PIPE).stdout
  File "/usr/lib/python3.7/site-packages/libmat2/subprocess.py", line 100, in run
    completed_process = subprocess.run(prefix_args + args, **kwargs)
  File "/usr/lib/python3.7/subprocess.py", line 487, in run
    output=stdout, stderr=stderr)
subprocess.CalledProcessError: Command '['/usr/bin/bwrap', '--ro-bind', '/usr', '/usr', '--ro-bind', '/lib', '/lib', '--ro-bind', '/lib64', '/lib64', '--ro-bind', '/bin', '/bin', '--ro-bind', '/sbin', '/sbin', '--ro-bind', '/home/Test', '/home/Test', '--ro-bind', '/etc/ld.so.cache', '/etc/ld.so.cache', '--dev', '/dev', '--chdir', '/home/Test', '--unshare-all', '--new-session', '--ro-bind', '/home/Test/picture.jpg', '/home/Test/picture.jpg', '/usr/bin/vendor_perl/exiftool', '-json', 'picture.jpg']' returned non-zero exit status 1.

While I was writing this letter I tried removing bubblewrap and mat2 began to work.
Looks like this is my mistake, sorry.

#4

Updated by freemor almost 5 years ago

  • Status changed from info needed to not-a-bug

I understand how that can happen :) I use firejail and it sometimes causes odd behaviours too.

Tho with firejail they are usually easily worked around.
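
A diagnostic for the bwrap error reported in this ticket, added here as an example and not part of the original thread or of mat2: it reports which kernel setting would stop an unprivileged bwrap call before mat2 is run. The function names and the constructed test tree are hypothetical; besides the sysctl named in the error message it also reads the mainline `user.max_user_namespaces` limit and treats a setuid bwrap as not needing unprivileged user namespaces.

```python
import os
import stat
import tempfile
from pathlib import Path


def read_sysctl(path):
    """Integer value of a sysctl file, or None when the kernel lacks it."""
    try:
        return int(Path(path).read_text().strip())
    except (OSError, ValueError):
        return None


def bwrap_blockers(proc_root="/proc", bwrap="/usr/bin/bwrap"):
    """List the reasons an unprivileged bwrap call would fail; empty if none."""
    try:
        mode = os.stat(bwrap).st_mode
    except OSError:
        return [f"{bwrap} not found"]
    if mode & stat.S_ISUID:
        return []  # a setuid bwrap does not need unprivileged user namespaces
    sys_dir = Path(proc_root) / "sys"
    blockers = []
    # Distribution patch (the error message names Debian); absent on mainline.
    if read_sysctl(sys_dir / "kernel/unprivileged_userns_clone") == 0:
        blockers.append("kernel.unprivileged_userns_clone=0")
    # Mainline knob: a limit of 0 disables user namespaces entirely.
    if read_sysctl(sys_dir / "user/max_user_namespaces") == 0:
        blockers.append("user.max_user_namespaces=0")
    return blockers


def fake_tree(root, clone, limit):
    """Build a constructed /proc-like tree and a stand-in bwrap file."""
    root = Path(root)
    (root / "proc/sys/kernel").mkdir(parents=True)
    (root / "proc/sys/user").mkdir(parents=True)
    if clone is not None:  # None models a kernel without the patch
        (root / "proc/sys/kernel/unprivileged_userns_clone").write_text(f"{clone}\n")
    (root / "proc/sys/user/max_user_namespaces").write_text(f"{limit}\n")
    (root / "bwrap").write_text("")  # placeholder file, not a real binary
    return str(root / "proc"), str(root / "bwrap")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print("constructed tree:", bwrap_blockers(*fake_tree(tmp, clone=0, limit=15000)))
    print("this host:", bwrap_blockers() or "no blockers found")
```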
