Honor limit_container configuration directives for user+SUID workflow only
Version of Singularity:
V3
Expected behavior
That limit_container won't apply when run with user namespace or as root user
Actual behavior
limit_container restrictions apply to all
Steps to reproduce behavior
Set limit_container_path = /tmp and run sudo singularity shell /root/image.sif or singularity shell -u ~/sandbox
Hi, we got hit by this bug with 3.4.2: we left "limit_container_path" enabled in our config since we activated the user namespaces, and since the doc clearly states this param is ignored then... but no, containers did not want to start outside of the already configured paths.
And we even had "allow setuid" set to no... Any way this could be fixed?
Thanks && regards
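An added example, not code from the Singularity or Apptainer project: a small audit of a `singularity.conf` that flags the situation reported above, where a path limit is set but the run is as root, in a user namespace, or with setuid disabled. It assumes the `limit container paths` / `allow setuid` spellings of the config file, comma-separated values with `NULL` meaning unset, and this thread's expected behaviour as the rule; all function names are hypothetical.

```python
import os

# Directive spellings as assumed for singularity.conf (the thread writes limit_container_path).
LIMIT_KEYS = ("limit container paths", "limit container owners", "limit container groups")

def parse_conf(text):
    """Parse 'key = value' lines; values are comma-separated, NULL means unset."""
    conf = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        items = [v.strip() for v in value.split(",") if v.strip()]
        conf[key.lower()] = [v for v in items if v.upper() != "NULL"]
    return conf

def active_limits(conf):
    """Return only the limit directives that are actually set."""
    return {k: conf[k] for k in LIMIT_KEYS if conf.get(k)}

def expected_to_apply(conf, euid, userns):
    """Expected behaviour per the issue: unprivileged user + SUID workflow only."""
    setuid_on = (conf.get("allow setuid") or ["yes"])[-1].lower() == "yes"
    return bool(active_limits(conf)) and setuid_on and euid != 0 and not userns

def path_within(image, prefixes):
    """Prefix check on resolved paths, so /tmpfoo or a symlink does not match /tmp."""
    real = os.path.realpath(image)
    bases = [os.path.realpath(p) for p in prefixes]
    return any(os.path.commonpath([real, b]) == b for b in bases)

def audit(conf_text, image, euid, userns):
    """Flag runs that the reported behaviour blocks but the expected behaviour allows."""
    conf = parse_conf(conf_text)
    paths = active_limits(conf).get("limit container paths", [])
    inside = path_within(image, paths) if paths else True
    enforced = expected_to_apply(conf, euid, userns)
    return {"expected_enforced": enforced, "inside_allowed_path": inside,
            "hits_issue": bool(paths) and not enforced and not inside}

# Constructed sample config mirroring the thread (setuid off, path limit left on).
SAMPLE_CONF = """
allow setuid = no
limit container paths = /tmp
"""

if __name__ == "__main__":
    print(audit(SAMPLE_CONF, "/root/image.sif", euid=0, userns=False))
    print(audit(SAMPLE_CONF, os.path.expanduser("~/sandbox"), euid=1000, userns=True))
```

A `hits_issue` result of `True` means the configuration leaves a path limit active for a run where the thread expects it to be ignored, so affected hosts can be found before users report failed starts.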
Hello,
This is a templated response that is being sent out to all open issues. We are working hard on 'rebuilding' the Singularity community, and a major task on the agenda is finding out what issues are still outstanding.
Please consider the following:
- Is this issue a duplicate, or has it been fixed/implemented since being added?
- Is the issue still relevant to the current state of Singularity's functionality?
- Would you like to continue discussing this issue or feature request?
Thanks, Carter
This issue has been automatically marked as stale because it has not had activity in over 60 days. It will be closed in 7 days if no further activity occurs. Thank you for your contributions.
@cclerget @fschaer Still getting this problem? Has this been solved already? If yes, what workaround have you followed and applied?
We're looking into the issue carefully and will soon bring it to the community to discuss ways to better solve as well as address this. Thank you for keeping the interest in the subject.
Transferred this under Apptainer issues https://github.com/apptainer/apptainer/issues/1153