You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
As detailed in the article above, Ubuntu 23.10 introduces restrictions on unpriv userns creation, via apparmor. The restrictions are off by default for now. However, they will be on by default at a later date via updates. This will probably apply to the next LTS - 24.04.
We need to ensure that we ship / document an apparmor profile suitable for the different execution modes of SingularityCE. Some of which rely on unpriv userns creation.
The text was updated successfully, but these errors were encountered:
Will have a look today / tomorrow... but if anything non-obvious is met we'll defer to a patch release.
A lilttle bit challenging as it needs to have Ubuntu & version specific addition of a profile from our deb package, so we aren't installing the profile on apparmor systems that don't support it.
Needs a bit more thought... do we add the apparmor profile install to make install (which would then ignore --prefix)? Do we add it just to Deb packages built on specific distros?
I haven't seen any guidance for what packages that aren't in Ubuntu core repos should do. Those that are have had their profiles added into the apparmor package.
https://ubuntu.com/blog/ubuntu-23-10-restricted-unprivileged-user-namespaces
As detailed in the article above, Ubuntu 23.10 introduces restrictions on unpriv userns creation, via apparmor. The restrictions are off by default for now. However, they will be on by default at a later date via updates. This will probably apply to the next LTS - 24.04.
We need to ensure that we ship / document an apparmor profile suitable for the different execution modes of SingularityCE. Some of which rely on unpriv userns creation.
The text was updated successfully, but these errors were encountered: