rpm/apptainer
SHA256
1
0
Fork 0
forked from pool/apptainer
Code Pull Requests Activity
apptainer/vendor.tar.gz
Christian Goll 2bf2146d97 Accepting request 993098 from home:mslacken:pr 
- Updated to version 1.1.0-rc1 which enables apptainer to run without
  suid and additional groups. Although this is a prerelease this is 
  a major advantage justifying its use.
  * Added a squashfuse image driver that enables mounting SIF files without
    using setuid-root. Requires the squashfuse command and unprivileged user
    namespaces.
  * Added a fuse2fs image driver that enables mounting EXT3 files and EXT3 SIF
    overlay partitions without using setuid-root. Requires the fuse2fs command
    and unprivileged user namespaces.
  * Added the ability to use persistent overlay (--overlay) and
    --writable-tmpfs without using setuid-root. This requires unprivileged user
    namespaces and either a new enough kernel (>= 5.11) or the fuse-overlayfs
    command. Persistent overlay works when the overlay path points to a regular
    filesystem (known as "sandbox" mode, which is not allowed when in setuid
    mode), or when it points to an EXT3 image. Does not work with a SIF
    partition because that requires privileges to mount as an ext3 image.
  * Extended the --fakeroot option to be useful when /etc/subuid and
    /etc/subgid mappings have not been set up. If they have not been set up, a
    root-mapped unprivileged user namespace (the equivalent of unshare -r)
    and/or the fakeroot command from the host will be tried. Together they
    emulate the mappings pretty well but they are simpler to administer. This
    feature is especially useful with the --overlay and --writable-tmpfs
    options and for building containers unprivileged, because they allow
    installing packages that assume they're running as root. A limitation on
    using it with --overlay and --writable-tmpfs however is that when only the
    fakeroot command can be used (because there are no user namespaces
    available, in suid mode) then the base image has to be a sandbox. This
    feature works nested inside of an apptainer container, where another
    apptainer command will also be in the fakeroot environment without
    requesting the --fakeroot option again, or it can be used inside an

OBS-URL: https://build.opensuse.org/request/show/993098
OBS-URL: https://build.opensuse.org/package/show/network:cluster/apptainer?expand=0&rev=14
2022-08-04 15:03:35 +00:00

4 lines
132 B
Plaintext
Raw Blame History

version https://git-lfs.github.com/spec/v1
oid sha256:7735457b98aafd288d84535215550976fff739082cd8290784415e1bee514c1f
size 7205443
View Git Blame Copy Permalink