Comments (6)
DrDaveD
commented on June 10, 2024
I cannot reproduce on my CentOS7 machine nor when I start from a fresh CentOS7 docker container, with the same go version.
I wonder if there's something about the filesystem in your home directory. Can you try the build on a different filesystem type?
Or I wonder if it's an old CentOS7, since that doesn't show up in /etc/os-release. What is the kernel version (because that may lead us to the OS version), and what is in /etc/redhat-release? Perhaps if you include all the output of mconfig it might provide a clue.
from apptainer.
huangdi95
commented on June 10, 2024
Hi, thank you for your help. I'm new to apptainer and go. I cannot build on a different filesystem type because I tried to use apptainer on an HPC which does not support docker.
System information
$ cat /etc/redhat-release
CentOS Linux release 7.9.2009 (Core)
$ uname -r
3.10.0-1160.49.1.el7.x86_64
$ uname -a
Linux Login-Node2.inband 3.10.0-1160.49.1.el7.x86_64 #1 SMP Tue Nov 30 15:51:32 UTC 2021 x86_64 x86_64 x86_64 GNU/LinuxOutput of mconfig
$ ./mconfig -p /home/huangdi/usr/local/ --without-suid
Configuring for project `apptainer' with languages: C, Golang
=> running pre-basechecks project specific checks ...
=> running base system checks ...
checking: host C compiler... cc
checking: host C++ compiler... c++
checking: host Go compiler (at least version 1.19)... /home/huangdi/anaconda3/envs/groot/bin/go
checking: host C compiler option -Wall... yes
checking: host C compiler option -Werror... yes
checking: host C compiler option -Wfatal-errors... yes
checking: host C compiler option -Wno-unknown-warning-option... yes
checking: host C compiler option -Wstrict-prototypes... yes
checking: host C compiler option -Wpointer-arith... yes
checking: host C compiler option -Wbad-function-cast... yes
checking: host C compiler option -Woverlength-strings... yes
checking: host C compiler option -Wframe-larger-than=2047... yes
checking: host C compiler option -Wno-sign-compare... yes
checking: host C compiler option -Wclobbered... yes
checking: host C compiler option -Wempty-body... yes
checking: host C compiler option -Wmissing-parameter-type... yes
checking: host C compiler option -Wtype-limits... yes
checking: host C compiler option -Wunused-parameter... yes
checking: host C compiler option -Wunused-but-set-parameter... yes
checking: host C compiler option -Wno-discarded-qualifiers... yes
checking: host C compiler option -Wno-incompatible-pointer-types... yes
checking: host C compiler option -pipe... yes
checking: host C compiler option -fmessage-length=0... yes
checking: host C compiler option -fPIC... yes
checking: host `ar' path... ar
checking: host `ld' path... ld
checking: host `ranlib' path... ranlib
checking: host `objcopy' path... objcopy
checking: target C compiler... cc
checking: target C++ compiler... c++
checking: target `ar' path... ar
checking: target `ld' path... ld
checking: target `ranlib' path... ranlib
checking: target `objcopy' path... objcopy
checking: host compiles static binaries... no
checking: target compiles static binaries... no
checking: host os type... unix
checking: host architecture... x86_64
checking: target architecture... x86_64
checking: host architecture word size... 64
checking: target architecture word size... 64
checking: project version... 1.2.5
checking: project short version... 1.2.5
checking: unprivileged user namespaces... disabled
=> running post-basechecks project specific checks ...
checking: namespace: CLONE_NEWPID... yes
checking: namespace: CLONE_FS... yes
checking: namespace: CLONE_NEWNS... yes
checking: namespace: CLONE_NEWUSER... yes
checking: namespace: CLONE_NEWIPC... yes
checking: namespace: CLONE_NEWNET... yes
checking: namespace: CLONE_NEWUTS... yes
checking: namespace: CLONE_NEWCGROUP... no
checking: feature: NO_NEW_PRIVS... yes
checking: feature: MS_SLAVE... yes
checking: feature: MS_REC... yes
checking: feature: MS_PRIVATE... yes
checking: user capabilities... yes
checking: header linux/securebits.h... yes
checking: header linux/capability.h... yes
checking: libseccomp+headers... no
=> generating fragments ...
=> building Makefile ...
=> generating apptainer.spec ...
=> project apptainer setup with :
- host arch: x86_64
- host wordsize: 64-bit
- host C compiler: cc
- host Go compiler: /home/huangdi/anaconda3/envs/groot/bin/go
- host system: unix
---
- target arch: x86_64
- target wordsize: 64-bit
- target C compiler: cc
---
- config profile: release
---
- SUID install: no
- Network plugins: yes
---
- verbose: no
---
- version: 1.2.5
=> /home/huangdi/apptainer/builddir/Makefile ready, try:
$ cd /home/huangdi/apptainer/builddir
$ makeOr I want to use a built apptainer container on the HPC without root privilege and without-suid. Do you have any suggestions on this?
from apptainer.
DrDaveD
commented on June 10, 2024
checking: unprivileged user namespaces... disabled
That means that the system administrator has not enabled user namespaces on the machine, so you won't be able to run your own copy of apptainer in any case. You'll need to get the system administrator to either enable user namespaces or install apptainer with suid.
I tried disabling user namespaces on my CentOS7 test machine and it didn't reproduce your problem, although it seems like it may be related to the error you see. If you leave off --without-suid mconfig gives a fatal error
checking: unprivileged user namespaces... disabled. Run mconfig with either --with-suid or --without-suid option
which is probably why you tried --without-suid. That message should be updated to explain that --without-suid isn't going to useful without user namespaces.
from apptainer.
huangdi95
commented on June 10, 2024
I see. So to use apptainer, I need to get the administrator to either enable user namespaces or let the admin install apptainer with suid, right?
Another question: if I want to use apptainer on a cluster with a shared file system (i.e. lustre), do I need to install apptainer on each node?
from apptainer.
DrDaveD
commented on June 10, 2024
I see. So to use apptainer, I need to get the administrator to either enable user namespaces or let the admin install apptainer with suid, right?
Right.
Another question: if I want to use apptainer on a cluster with a shared file system (i.e. lustre), do I need to install apptainer on each node?
It is possible to install apptainer on a shared file system, although it's generally recommended to install it on each node. If it is installed with suid mode on a shared filesystem then the filesystem has to not be mounted with the nosuid flag.
from apptainer.
huangdi95
commented on June 10, 2024
got it, thank you!
from apptainer.
Related Issues (20)
- Builds fail when $HOME isn't readable HOT 3
- Build from local Docker daemon fails due to Docker client API requirements HOT 8
- fuse-overlayfs INFO message "Software caused connection abort" causing sporadic e2e failures
- Unable to build apptainer from source HOT 2
- how to add video group to apptainer run command? HOT 1
- executable outside of the container not on PATH HOT 3
- Persistent overlay e2e tests need overhaul
- 32-bit compile failure in 1.3.0-rc.2
- AppArmor profile needed on Ubuntu 24.04 HOT 3
- --nvccli does not work correctly on Ubuntu 22.04 HOT 1
- --nvccli fails for NVIDIA_DRIVER_CAPABILITIES=graphics HOT 5
- Squashfuse 0.5.0 causes 32-bit compile failure on Fedora 40
- Embedding Signature History for Multi-Stage Builds [Enhancement] HOT 4
- Slow first execution inside the container HOT 13
- Cannot log into SylabsCloud HOT 2
- Feature request: support for --insecure during apptainer push and pull HOT 1
- Copying of OCI layout before building a sandbox image
- Spawn service in parallel with bash script HOT 2
- Infinite `Overlay mount failed with invalid argument` on Ubuntu 20.04 with sandbox container plus overlay HOT 1
- Invalid bind-mount options give unhelpful error
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from apptainer.