user namespaces kernel feature #4
Comments
Hi, thanks for that very useful container. Our use case would be to run apptainer in docker for gitlab CI/CD, and in that case not privileging the docker container would be preferable for security reasons. I built the present container with
even if it seems the alpine kernel is set to support user namespaces.
Even adding CAP_SYS_ADMIN results in another error
Thanks!
i am not sure, to be honest. but i can point you to the code that is throwing this error: https://github.com/apptainer/apptainer/blob/3ad0cbef35b68a825389dec9000d495b302aa206/cmd/starter/c/starter.c#L859C59-L861 and the instead of using apptainer in docker, could you install apptainer directly using the .deb packages that apptainer provides? https://github.com/apptainer/apptainer/releases
I managed to make it work following https://osg-htc.org/docs/worker-node/install-apptainer/#configuring-docker-to-work-with-apptainer but it required an extra
using the following command
wow! true container-ception. would it be simpler though to install apptainer with a deb file? the apptainer team includes those deb files in releases.
apptainer 1.1.0 builds without suid by default. do we want to build with suid? we probably do... because if one is using docker anyway, they are probably using root already. though there is a rootless option.
relevant error during mconfig