Comments
dctrud
Because this update changes behaviour on systems with apptainer-setuid (disallows use of ext3 images / overlays by default), I believe that it should follow the incompatible upgrade policy:
https://docs.fedoraproject.org/en-US/epel/epel-policy-incompatible-upgrades/
At the very least, the change should be notified to the epel list(s) so that people who subscribe are aware of the upcoming change.
# Before update
$ apptainer exec sif-overlay.sif /bin/date
Wed Apr 26 09:12:37 BST 2023
# Update to the testing package
$ sudo dnf update --enablerepo=epel-testing apptainer-suid
# After update
$ apptainer exec sif-overlay.sif /bin/date
FATAL: configuration disallows users from mounting SIF extfs partition in setuid mode, try --userns
Because this update changes behaviour on systems with apptainer-setuid (disallows use of ext3 images / overlays by default), I believe that it should follow the incompatible upgrades policy:
https://docs.fedoraproject.org/en-US/epel/epel-policy-incompatible-upgrades/
At the very least, the change should be notified to the epel list(s) so that people who subscribe are aware of the upcoming change.
# Before update
$ apptainer exec sif-overlay.sif /bin/date
Wed Apr 26 09:12:37 BST 2023
# Update to the testing package
$ sudo dnf update --enablerepo=epel-testing apptainer-suid
# After update
$ apptainer exec sif-overlay.sif /bin/date
FATAL: configuration disallows users from mounting SIF extfs partition in setuid mode, try --userns
The review happend at - https://bugzilla.redhat.com/show_bug.cgi?id=2145834
Tested briefly on a bare-metal Fedora 32 machine inc ROCm GPu functionality. Looks to be working as expected including 3.6.1 fixes.
Tested on a non-GPU RHEL6 VM. Appears to be working as expected.
Looks good to me. Checked the 3.6.1 fixes are definitely there and working as expected.
Ran through some basic tests of SIF, docker, non-GPU runs on x86_64 only. All looks as expected to me.
Downloaded rpm and installed on RHEL7. Tested standard operations. Run library:// docker:// sources. Sign, verify. GPU container. LGTM.
Tested for basic functionality on a single Fedora 32 machine.
LGTM - tested basic functionality, and both nv and rocm operation.
Tested and working as a client & server from/to Fedora31 and other systems.
Basic functionality tested and working. Verified the security fix is present and works.
Because this update changes behaviour on systems with apptainer-setuid (disallows use of ext3 images / overlays by default), I believe that it should follow the incompatible upgrade policy:
https://docs.fedoraproject.org/en-US/epel/epel-policy-incompatible-upgrades/
At the very least, the change should be notified to the epel list(s) so that people who subscribe are aware of the upcoming change.