You haven't provided much detail, but it sounds like perhaps
unprivileged user namespaces are disabled on the machine that executes
the Runner. Singularity requires either setuid or unprivileged
usernamespaces for most things. For the singularity build command to
run unprivileged the --fakeroot option can be used, but that also
requires some setup by the system administrator:
https://singularity.hpcng.org/user-docs/master/fakeroot.html
Although it looks like the documentation doesn't mention it, I'm pretty
sure this can work with unprivileged singularity if newuidmap and
newgidmap are installed with sufficient privileges (in addition to setting
up /etc/subuid and /etc/subgid).
Bottom line: work with the administrator of your gitlab.
Dave
On Fri, Nov 12, 2021 at 04:40:46AM -0800, Joseph Manel Andres Moscardo wrote:
> it fails if I use %post section, but not with the %runscript or %startscript
>
> On Friday, 12 November 2021 at 13:03:31 UTC+1 Joseph Manel Andres Moscardo
> wrote:
>
> > Hi,
> > I am trying to build Singularity images through a Gitlab runner that runs
> > unpriviledge (for security reasons) and I get the following error:
> >
> > *ERROR : Failed to create user namespace: user namespace disabled*
> >
> > Is there a way that I can run a build inside the container that wouldn't
> > require priviledge runner?
> > Thanks.
> >
>
> --
> You received this message because you are subscribed to the Google Groups "singularity" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to
singularity...@lbl.gov.
> To view this discussion on the web visit
https://groups.google.com/a/lbl.gov/d/msgid/singularity/3e5d3a6c-301b-42a7-b251-9ddd1e520d40n%40lbl.gov .