Ubuntu 24.04 / AppArmor user namespace restrictions
75 views
Skip to first unread message
David Trudgian
Apr 30, 2024, 11:16:53 AM4/30/24
to Singularity Community Edition
On Ubuntu 24.04, unprivileged user namespace creation is restricted using AppArmor.
If you are installing SingularityCE on Ubuntu 24.04, then native setuid mode is not affected. However, a non-setuid install, explicit --userns, and OCI-Mode will not work correctly.
In the next release of SingularityCE we will provide .deb packages that include an AppArmor profile for 24.04.
If you are building from source, or cannot wait until the next release, please see INSTALL.md on the GitHub repository for guidance on adding a suitable AppArmor profile to allow unprivileged user namespace creation for SingularityCE:
https://github.com/sylabs/singularity/blob/main/INSTALL.md#apparmor-profile-ubuntu-2404
If you are building from source, or cannot wait until the next release, please see INSTALL.md on the GitHub repository for guidance on adding a suitable AppArmor profile to allow unprivileged user namespace creation for SingularityCE:
https://github.com/sylabs/singularity/blob/main/INSTALL.md#apparmor-profile-ubuntu-2404
Reply all
Reply to author
Forward
0 new messages