can I run apptainer with kernel 3.10?

[Li Li]

OverlayFS mounts need minimum kernel >=3.18, but I can only run my program on a machine with kernel 3.10. I don't have root privilige and can't update kernel.

from https://apptainer.org/docs/admin/main/installation.html

Full functionality of Apptainer requires that the kernel supports:

• FUSE - Required to mount SIF files, for fuse-overlayfs on older kernels (see OverlayFS below), and for mounting ext3 overlay filesystems. The kernels of all major Linux operating systems support FUSE by default, but system administrators must not disable it. If system administrators do not want users to mount FUSE filesystems in the primary namespace, they can remove or not install the fuse package which contains the privileged fusermount program. Apptainer does not use fusermount in any mode.

• Unprivileged user namespaces - (minimum kernel >=3.8, >=4.18 recommended) Required to run containers without root or setuid privilege. The recommended minimum version is required for unprivileged FUSE mounts.

• OverlayFS mounts - (minimum kernel >=3.18, >=5.11 recommended) Used for creating missing bind mount paths and for writable overlays. Kernel 5.11 enables support for overlays unprivileged, but whenever the kernel OverlayFS driver doesn’t work, fuse-overlayfs will be used instead.

[Dave Dykstra]

Hi,

If that's a RHEL7.7 or greater kernel, it has backported support of FUSE mounts in unprivileged user namespaces so it can work ok. There unprivileged user namespaces are not enabled by default, however, so you would have to get the system administrator to enable them by setting sysctl user.max_user_namespace greater than zero. If it's older than RHEL7.7 it might not have FUSE mount support at all in which case you would have to use only sandboxes and use the "underlay" mode for making bind mountpoints.

A quick check for unprivileged user namespaces is "unshare -rm id"; if it is enabled, you'll see it running as uid=0.

Dave

On Tue, Dec 09, 2025 at 08:36:59AM +0000, Li Li wrote:
> OverlayFS mounts need minimum kernel >=3.18, but I can only run my program on a machine with kernel 3.10. I don't have root privilige and can't update kernel.
>
> from https://apptainer.org/docs/admin/main/installation.html
>
> Full functionality of Apptainer requires that the kernel supports:
>

> * FUSE - Required to mount SIF files, for fuse-overlayfs on older kernels (see OverlayFS below), and for mounting ext3 overlay filesystems. The kernels of all major Linux operating systems support FUSE by default, but system administrators must not disable it. If system administrators do not want users to mount FUSE filesystems in the primary namespace, they can remove or not install the fuse package which contains the privileged fusermount program. Apptainer does not use fusermount in any mode.
>
> * Unprivileged user namespaces - (minimum kernel >=3.8, >=4.18 recommended) Required to run containers without root or setuid privilege. The recommended minimum version is required for unprivileged FUSE mounts.
>
> * OverlayFS mounts - (minimum kernel >=3.18, >=5.11 recommended) Used for creating missing bind mount paths and for writable overlays. Kernel 5.11 enables support for overlays unprivileged, but whenever the kernel OverlayFS driver doesn’t work, fuse-overlayfs will be used instead.
>
> --
> You received this message because you are subscribed to the Google Groups "discuss" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to discuss+u...@apptainer.org<mailto:discuss+u...@apptainer.org>.
> To view this discussion visit https://groups.google.com/a/apptainer.org/d/msgid/discuss/892abbd9-5142-4d8f-a18f-03ca1aba7f07n%40apptainer.org<https://groups.google.com/a/apptainer.org/d/msgid/discuss/892abbd9-5142-4d8f-a18f-03ca1aba7f07n%40apptainer.org?utm_medium=email&utm_source=footer>.

[Li Li]

$ unshare -rm id
unshare: unshare failed: Invalid argument