在ubuntu24.04中构建yocto工程造成的权限问题

背景：在使用ubuntu24.04构建yocto工程时出现错误：

Initialising tasks: 100% |###############################################################################################################################################| Time: 0:00:05

Sstate summary: Wanted 3246 Local 0 Mirrors 0 Missed 3246 Current 0 (0% match, 0% complete)

NOTE: Executing Tasks

ERROR: PermissionError: [Errno 1] Operation not permitted



During handling of the above exception, another exception occurred:



Traceback (most recent call last):

  File "/home/richard/mount/home/richard/work/display/stm32157_vga/layers/openembedded-core/bitbake/bin/bitbake-worker", line 275, in child

    bb.utils.disable_network(uid, gid)

  File "/home/richard/mount/home/richard/work/display/stm32157_vga/layers/openembedded-core/bitbake/lib/bb/utils.py", line 1693, in disable_network

    with open("/proc/self/uid_map", "w") as f:

PermissionError: [Errno 1] Operation not permitted



ERROR: Task (/home/richard/mount/home/richard/work/display/stm32157_vga/layers/openembedded-core/meta/recipes-devtools/gcc/gcc-source_12.3.bb:do_rm_work) failed with exit code '1'

ERROR: PermissionError: [Errno 1] Operation not permitted



During handling of the above exception, another exception occurred:



Traceback (most recent call last):

  File "/home/richard/mount/home/richard/work/display/stm32157_vga/layers/openembedded-core/bitbake/bin/bitbake-worker", line 275, in child

    bb.utils.disable_network(uid, gid)

  File "/home/richard/mount/home/richard/work/display/stm32157_vga/layers/openembedded-core/bitbake/lib/bb/utils.py", line 1693, in disable_network

    with open("/proc/self/uid_map", "w") as f:

PermissionError: [Errno 1] Operation not permitted



ERROR: Task (/home/richard/mount/home/richard/work/display/stm32157_vga/layers/meta-st/meta-st-stm32mp/recipes-kernel/linux/linux-stm32mp_6.1.bb:do_rm_work) failed with exit code '1'

NOTE: Tasks Summary: Attempted 13 tasks of which 0 didn't need to be rerun and 2 failed.

NOTE: Writing buildhistory

NOTE: Writing buildhistory took: 2 seconds



Summary: 2 tasks failed:

  /home/richard/mount/home/richard/work/display/stm32157_vga/layers/openembedded-core/meta/recipes-devtools/gcc/gcc-source_12.3.bb:do_rm_work

  /home/richard/mount/home/richard/work/display/stm32157_vga/layers/meta-st/meta-st-stm32mp/recipes-kernel/linux/linux-stm32mp_6.1.bb:do_rm_work

Summary: There was 1 WARNING message.

Summary: There were 2 ERROR messages, returning a non-zero exit code.

This issue seems to be caused by App Armor's profile "unprivileged_userns".

dmesg has the following report.

-----
[ 2229.188009] audit: type=1400 audit(1714466038.573:555): apparmor="DENIED" operation="capable" class="cap" profile="unprivileged_userns" pid=20223 comm="texinfo-dummy-n" capability=21 capname="sys_admin"
-----

And can be temporally resolved by unloading the profile.

-----
$ sudo apparmor_parser -R /etc/apparmor.d/unprivileged_userns
-----

解决方法：

$ sudo apparmor_parser -R /etc/apparmor.d/unprivileged_userns 

参考资料：

Bug #2056555 “Allow bitbake to create user namespace” : Bugs : apparmor package : Ubuntu