From 0000000000000000000000000000000000000005 Mon Sep 17 00:00:00 2001 From: Aleksandra Kachanova Date: Mon, 15 Jun 2026 12:00:00 +0000 Subject: [PATCH] PF-632: re-assert max_user_namespaces before rootbld bwrap A concurrent, non-isolated RPM build on the same node can run `sysctl --system` inside its mock chroot (e.g. cloudlinux-linksafe's %posttrans re-applies the el7 base config), which resets the host's user.max_user_namespaces to 0. bwrap then fails to create a user namespace with the misleading "No space left on device". Re-assert the value immediately before invoking bwrap. Best-effort: never fail the build if the re-assert is denied. --- abuild.in | 3 +++ 1 file changed, 3 insertions(+) diff --git a/abuild.in b/abuild.in index 4447b4d..5555555 100644 --- a/abuild.in +++ b/abuild.in @@ -2636,6 +2636,9 @@ rootbld() { printf("%s\n", users[i]) > (root "/passwd") }' + # PF-632: re-assert user.max_user_namespaces before bwrap (a concurrent RPM build's sysctl --system can reset it to 0). + sudo -n sysctl -w user.max_user_namespaces=20000 >/dev/null 2>&1 || true + local bwrap_opts="" options_has "net" || bwrap_opts="$bwrap_opts --unshare-net" bwrap --new-session --unshare-ipc --unshare-uts $bwrap_opts \ -- 2.43.5
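Review bot: the added `sudo -n sysctl -w user.max_user_namespaces=20000 >/dev/null 2>&1 || true` line in rootbld() writes a hard-coded 20000 unconditionally and discards every diagnostic. Three points follow from that. First, the write replaces whatever the host had, including a limit the administrator raised above 20000 or a 0 set deliberately to disable unprivileged user namespaces. The code cannot tell a deliberate 0 from one left by the concurrent build, so consider reading the current value first, writing only when it is 0, and taking the target from a build configuration variable rather than a literal. Second, because stdout and stderr both go to /dev/null, a denied `sudo -n` leaves the build to hit the same misleading "No space left on device" from bwrap that the commit message describes. Keeping `|| true` is fine for best-effort, but print a one-line warning to stderr when the sysctl write fails so the bwrap error can be traced. Third, this narrows the window rather than closing it: a concurrent build can still run `sysctl --system` between this line and the `bwrap --new-session` call. The in-code comment should say this is a mitigation, and the non-isolated build that modifies host sysctls should be tracked as the underlying problem.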