Comments (1)
First, a note that if this specific issue is fixed, you'll still hit problems further on. Singularity is going to need to create namespaces, perform mount syscalls etc. later on in container execution. You will need to grant enough privileges for this to happen.
We don't often see people attempting to run inside kubernetes, and don't actively test this workflow. However, you may find some useful information in the podman documentation page linked below... Singularity is going to require broadly the same privileges as other runtimes. It is not possible to run a container runtime inside a pod without granting any additional privileges.
https://www.redhat.com/sysadmin/podman-inside-kubernetes
As an aside - it'd be good to understand the workflow here. Given that you can run an OCI container natively under kubernetes, what are the circumstances that require you to run under singularity inside k8s?
With regard specifically to the detection of the ability to apply xattrs - we already attempt to detect a rootless (unprivileged) situation, and filesystems that do not support setting xattrs:
Clearly this is not working in the kubernetes case. If you are able to experiment with the detection process to identify the cause then we'd welcome a patch, or further information that would allow us to create a patch for this situation.
from singularity.
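For experimenting with the detection described in the comment above, here is an added example. It is not Singularity's own detection code and not part of the original comment. It creates a temporary file in a chosen directory, tries to set an extended attribute on it, and reports whether the failure comes from the filesystem (`ENOTSUP`) or from missing privilege (`EPERM`/`EACCES`). The attribute names `user.probe` and `trusted.probe` and the helpers `classify` and `probeXattr` are hypothetical, chosen only for this illustration.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"syscall"
)

// classify maps the error from a setxattr attempt to a coarse diagnosis.
// (Hypothetical helper for this example, not a Singularity function.)
func classify(err error) string {
	switch {
	case err == nil:
		return "ok"
	case errors.Is(err, syscall.ENOTSUP):
		// The filesystem (or its mount options) has no support for this xattr namespace.
		return "unsupported-by-filesystem"
	case errors.Is(err, syscall.EPERM), errors.Is(err, syscall.EACCES):
		// The filesystem supports it, but the caller lacks the required privilege.
		return "denied-by-privilege"
	default:
		return "other: " + err.Error()
	}
}

// probeXattr creates a scratch file in dir, tries to set attr on it,
// removes the file again and returns the diagnosis.
func probeXattr(dir, attr string) string {
	f, err := os.CreateTemp(dir, "xattr-probe-*")
	if err != nil {
		return "other: " + err.Error()
	}
	defer os.Remove(f.Name())
	f.Close()
	return classify(syscall.Setxattr(f.Name(), attr, []byte("1"), 0))
}

func main() {
	dir := os.TempDir() // pass the directory to test as the first argument
	if len(os.Args) > 1 {
		dir = os.Args[1]
	}
	// Assumed attribute names: one unprivileged namespace, one privileged.
	for _, attr := range []string{"user.probe", "trusted.probe"} {
		fmt.Printf("%-14s on %s: %s\n", attr, dir, probeXattr(dir, attr))
	}
}
```

Running it inside the pod and on the host against the same kind of filesystem shows whether the pod's restrictions or the backing filesystem cause the failure.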