Installing daedalus-5.3.1-66691-mainnet-f14275aa5-x86_64-linux.bin with permission denied (ubuntu 24.04)

I’m getting the errors:

./daedalus-5.3.1-66691-mainnet-f14275aa5-x86_64-linux.bin 
Cannot bind mount /dev to /tmp/nixxdqYmx/dev: Permission denied
Cannot bind mount /proc to /tmp/nixxdqYmx/proc: Permission denied
Cannot bind mount /sys to /tmp/nixxdqYmx/sys: Permission denied
Cannot bind mount /run to /tmp/nixxdqYmx/run: Permission denied
Cannot bind mount /tmp to /tmp/nixxdqYmx/tmp: Permission denied
Cannot bind mount /var to /tmp/nixxdqYmx/var: Permission denied
Cannot bind mount /etc to /tmp/nixxdqYmx/etc: Permission denied
Cannot bind mount /usr to /tmp/nixxdqYmx/usr: Permission denied
Cannot bind mount /home to /tmp/nixxdqYmx/home: Permission denied
Cannot bind mount /home to /tmp/nixxdqYmx//home: Permission denied
mount(/tmp/tmpx-20240516T000407Z-dbb8da50/dat/nix, /tmp/nixxdqYmx/nix): Permission denied

I try to follow the solution from the post

with no success

This is a fresh installation before, I was using Manjaro with no problem.
Can you help me solve this?

Getting the same on Ubuntu 24.04, haven’t been able to figure out how to fix it yet.

What are the permissions and ownership on your /tmp directory?

On my Debian system they are:

> ls -l / | grep tmp
drwxrwxrwt  59 root root   319488 May 23 11:56 tmp

Does Ubuntu 24.04 enable AppArmor automatically? Does disabling it during install and then re-enabling it help?

I did all of this and still have the same issue

image

ls -l / | grep tmp

is not a fix, it is a debugging procedure to provide me more information about your system.

From what you posted it is as I expected.

You next step is to investigate the AppArmor issue (sorry, I know nothing about AppArmor).

What is the AppArmos issue … I have no idea what it is.

Does Ubuntu 24.04 enable AppArmor automatically? Does disabling it during install and then re-enabling it help?

The first line of my screenshot disables the AppArmor and still, cannot install …

I just upgraded my laptop to Ubuntu 24.04 and ran into this exact problem. For me, just stopping apparmor service did not help. If you search /var/log/syslog for DENIED you can find the apparmor profile that is causing the issue. This was in my log:

2024-05-29T02:01:20.263473-04:00 laptop-2 kernel: audit: type=1400 audit(1716962480.261:1073): apparmor="DENIED" operation="mount" class="mount" info="failed mntpnt match" error=-13 profile="unprivileged_userns" name="/tmp/nixkeav2t/usr/" pid=22425 comm="nix-user-chroot" srcname="/usr/" flags="rw, rbind"

I found this URL related to unpriviledged_userns profile:
https://ubuntu.com/blog/ubuntu-23-10-restricted-unprivileged-user-namespaces

Once I ran the 2 commands at the end of that document, daedalus started working:

sudo sysctl -w kernel.apparmor_restrict_unprivileged_unconfined=0
sudo sysctl -w kernel.apparmor_restrict_unprivileged_userns=0

I do not yet know enough about apparmor to know if this causes some sort of security issue, but for now at least I can run daedalus.

I did try setting the daedalus program to just “complain” mode but received a python error. So it appears maybe the utility has some bugs in it. This is why I opted to just disable the problematic profile for now.
sudo aa-complain <path-to-daedalus>

I feel like this is not likely a good solution but just a temporary workaround until somebody more knowledgeable of apparmor can suggest a better approach. I hope this helps somebody.

1 Like