Incompatible updates to defaults in singularity/apptainer
by Dave Dykstra
I apologize that this notice is late. Three weeks ago, there was an
update to the apptainer package (formerly called singularity) in EPEL
that may have caused functionality for users to break, especially on
EPEL7. Apptainer is a container system that is popular especially for
High Performance Computing applications.
This was the first release in EPEL under the new name. Because of the
name change, the configuration directory name changed, and previous
system-wide custom configuration is not automatically carried forward.
Warnings are printed if the old configuration directory still exists
(which happens when singularity configuration had been customized). The
command is still available under the old name singularity, so that part
is still compatible.
More significantly, the apptainer-1.1 release changed the default
package to be "rootless" by not including a setuid-root component. As a
result, if unprivileged user namespaces are not enabled, most operations
will fail. System administrators in that case have to either enable
unprivileged user namespaces or separately install an apptainer-suid
package. This is particularly an issue on EL7 because there user
namespaces are not enabled by default. The reason the default was
changed is that the new version now supports doing most common
operations without setuid, using unprivileged FUSE mounts, and the
maintainers believe that unprivileged user namespaces are inherently
more secure than setuid-root.
For more details please see:
https://apptainer.org/docs/user/1.1/security.html#setuid-user-namespaces
https://apptainer.org/docs/admin/1.1/user_namespace.html#rhel-centos-7
https://apptainer.org/docs/admin/1.1/installation.html
https://apptainer.org/docs/admin/1.1/singularity_migration.html
https://github.com/apptainer/apptainer/releases
If you find any problems please report them to
https://github.com/apptainer/apptainer/issues
Dave
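The two prerequisites described in the message above can be checked on a host before or after the update. This is an added example, not part of the original post or of the Apptainer project; the function name and the three paths it inspects are assumptions to verify against your own installation, and it does not cover distribution-specific sysctls outside EL.

```shell
#!/bin/sh
# Added example, not from the Apptainer project. Assumed paths (verify locally):
#   /proc/sys/user/max_user_namespaces       kernel limit; 0 disables user namespaces
#   /usr/libexec/apptainer/bin/starter-suid  setuid helper from apptainer-suid
#   /etc/singularity                         pre-rename configuration directory
# Usage: check_apptainer_host [ROOT]
# ROOT is a path prefix so a constructed tree can be checked; empty = live system.
check_apptainer_host() {
    root="${1:-}"
    userns_file="$root/proc/sys/user/max_user_namespaces"
    suid_starter="$root/usr/libexec/apptainer/bin/starter-suid"
    old_conf="$root/etc/singularity"

    max=0
    if [ -r "$userns_file" ]; then
        max=$(cat "$userns_file")
    fi
    # Treat anything that is not a plain non-negative integer as "disabled".
    case "$max" in
        ''|*[!0-9]*) max=0 ;;
    esac

    if [ -u "$suid_starter" ]; then
        mode="suid"        # setuid-root helper is installed
    elif [ "$max" -gt 0 ]; then
        mode="rootless"    # unprivileged user namespaces are available
    else
        mode="broken"      # neither prerequisite met: most operations fail
    fi

    # A leftover old directory means custom configuration was not carried forward.
    if [ -d "$old_conf" ]; then
        migrate="old-config=yes"
    else
        migrate="old-config=no"
    fi
    printf '%s %s\n' "$mode" "$migrate"
}

check_apptainer_host    # report for the live system
```

A result of "broken" means the administrator has to take one of the two actions named in the message; "old-config=yes" means the old directory should be reviewed against the migration document linked above.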
EPEL 8 Modules get to live through Valentine's Day 2023
by Troy Dawson
There has been a schedule update to the epel8 modularity removal.
October 31, 2022
- The updated epel-release will be pushed to epel8 stable
-- This sets "enabled = 0" for epel-modular, if you haven't already changed
your config.
February 15, 2023
- The EPEL 8 modules will be archived and removed.
-- The mirror manager will be pointed to the archive.
* Question: Why was the final archive moved to February 15th?
* Answer 1: EPEL is made to help Enterprise users.
Many Enterprise users are already in an end of the year freeze.
This will give them time to plan, test, and implement any changes they
might face.
EPEL Steering Committee