Overview Repositories Revisions Requests Users Attributes Meta

Apptainer is a container platform focused on supporting "Mobility ofCompute"

Edit Package apptainer
https://apptainer.org

Mobility of Compute encapsulates the development to compute
model where developers can work in an environment of their choosing and
creation and when the developer needs additional compute resources, this
environment can easily be copied and executed on other platforms.
Additionally as the primary use case for Singularity is targeted towards
computational portability, many of the barriers to entry of other
container solutions do not apply to Singularity making it an ideal
solution for users (both computational and non-computational) and HPC
centers.

  • Sources inherited from project SUSE:SLE-15-SP6:GA
  • Download package
  • osc -A https://api.opensuse.org checkout SUSE:SLE-15-SP7:Update/apptainer && cd $_
  • Create Badge
Refresh
Refresh
Source Files
Filename Size Changed
Leap.def 0000000177 177 Bytes
README.SUSE 0000003918 3.83 KB
Remove-signatures-from-Docker-images.patch 0000002252 2.2 KB
SLE-15SP5.def 0000001456 1.42 KB
SLE-15SP6.def 0000001456 1.42 KB
SUSE.def 0000000158 158 Bytes
_service 0000000083 83 Bytes
apptainer-1.3.0.tar.gz 0005086105 4.85 MB
apptainer-rpmlintrc 0000000200 200 Bytes
apptainer.changes 0000044716 43.7 KB
apptainer.spec 0000006503 6.35 KB
vendor.tar.gz 0011976052 11.4 MB
Revision 3 (latest revision is 4)
Ruediger Oertel's avatar Ruediger Oertel (oertel) committed (revision 3) 
- Updated apptainer to version 1.3.0 (bsc#1221832)
  * FUSE mounts are now supported in setuid mode, enabling full
    functionality even when kernel filesystem mounts are insecure due to
    unprivileged users having write access to raw filesystems in
    containers. When allow `setuid-mount extfs = no` (the default) in
    apptainer.conf, then the fuse2fs image driver will be used to mount
    ext3 images in setuid mode instead of the kernel driver (ext3 images
    are primarily used for the `--overlay` feature), restoring
    functionality that was removed by default in Apptainer 1.1.8 because
    of the security risk.
    The allow `setuid-mount squashfs` configuration option in
    `apptainer.conf` now has a new default called `iflimited` which allows
    kernel squashfs mounts only if there is at least one `limit container`
    option set or if Execution Control Lists are activated in ecl.toml.
    If kernel squashfs mounts are are not allowed, then the squashfuse
    image driver will be used instead.
    `iflimited` is the default because if one of those limits are used
    the system administrator ensures that unprivileged users do not have
    write access to the containers, but on the other hand using FUSE
    would enable a user to theoretically bypass the limits via `ptrace()`
    because the FUSE process runs as that user.
    The `fuse-overlayfs` image driver will also now be tried in setuid
    mode if the kernel overlayfs driver does not work (for example if
    one of the layers is a FUSE filesystem).  In addition, if `allow
    setuid-mount encrypted = no` then the unprivileged gocryptfs format
    will be used for encrypting SIF files instead of the kernel
    device-mapper. If a SIF file was encrypted using the gocryptfs
    format, it can now be mounted in setuid mode in addition to
    non-setuid mode.
  * Change the default in user namespace mode to use either kernel
Comments 0
openSUSE Build Service is sponsored by
Places