BeHom

We are not running old software as root. The dnf update from Rocky 8.8 to Rocky 8.10 should just avoid that? In addition, if Rocky9.5 OS runs in the container...

No SELinux is not enabled on the host ``` # ls -ld /etc drwxr-xr-x 112 root root 12288 Feb 6 18:30 /etc # ls -l /etc/shadow -rw-r----- 1 root shadow...

I appreciate your efforts! Bind mount /etc/shadow works. I should have been more precise on the status of /etc/shadow. It is like you mentioned zero inside the container. If I...

Need to be even more precise: ``` Apptainer> vi /etc/shadow Apptainer> stat -c "%a %n" /etc/shadow 0 /etc/shadow Apptainer> ls -lh /etc/shadow ---------- 1 root root 366 Nov 19 2023...

Sorry for the late reply. I'm on a busines trip with limted access to a test system. ## On OpenSUSE: \# capsh --print Current: =ep Bounding set =cap_chown,cap_dac_override,cap_dac_read_search,cap_fowner,cap_fsetid,cap_kill,cap_setgid,cap_setuid,cap_setpcap,cap_linux_immutable,cap_net_bind_service,cap_net_broadcast,cap_net_admin,cap_net_raw,cap_ipc_lock,cap_ipc_owner,cap_sys_module,cap_sys_rawio,cap_sys_chroot,cap_sys_ptrace,cap_sys_pacct,cap_sys_admin,cap_sys_boot,cap_sys_nice,cap_sys_resource,cap_sys_time,cap_sys_tty_config,cap_mknod,cap_lease,cap_audit_write,cap_audit_control,cap_setfcap,cap_mac_override,cap_mac_admin,cap_syslog,cap_wake_alarm,cap_block_suspend,cap_audit_read,cap_perfmon,cap_bpf,cap_checkpoint_restore Ambient set...