SingularityCE 3.11.4 Release
https://github.com/sylabs/singularity/releases/tag/v3.11.4
SingularityCE 3.11.4 is a patch release in the 3.11 series, with changes detailed below.
Thanks to our contributors for code, feedback, and testing efforts!
As always, please report any bugs to: https://github.com/sylabs/singularity/issues/new
If you think that you've discovered a security vulnerability, please report it to: secu...@sylabs.io
~~~~~~~
Changed defaults / behaviours
- Add xino=on mount option for writable kernel overlay mount points to fix inode number consistency after kernel cache flush.
New Features & Functionality
- The tap CNI plugin, new to github.com/containernetworking/plugins v1.3.0, is now provided.
- Added remote get-login-password subcommand that allows the user to retrieve a CLI token to interact with the OCI registry of a
Singularity Enterprise instance.
- Added --no-setgroups flag for --fakeroot builds and run/shell/exec. This prevents the setgroups
syscall being used on the container process in the fakeroot user
namespace. This maintains access from within the user namespace to files on
the host that have permissions based on supplementary group membership.
Note that supplementary groups are mapped to nobody in the container, and chgrp, newgrp, etc. cannot be used.
- Added ability to set a custom user config directory (default $HOME/.singularity) via the new SINGULARITY_CONFIGDIR environment variable.
Bug Fixes
- In --oci mode, do not attempt to use unprivileged overlay on systems that do not support it.
- Fix dropped "n" characters on some platforms in definition file stored as part of SIF metadata.
- Pass STDIN to --oci containers correctly, to fix piping input to a container.
- Fix compilation on 32-bit systems.
- Fix seccomp filters to allow mknod/mknodat syscalls to create
pipe/socket and character devices with device number 0 for fakeroot
builds.
- Fix freeze when copying files between stages in an unprivileged proot build.
- Fix non-POSIX sh operator in mconfig.
- Correct internal name for CAP_BLOCK_SUSPEND.