Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

AppArmor profile needed on Ubuntu 24.04 #2027

Open
jekorhon opened this issue Feb 16, 2024 · 6 comments
Open

AppArmor profile needed on Ubuntu 24.04 #2027

jekorhon opened this issue Feb 16, 2024 · 6 comments
Assignees
@JasonYangShadow
Milestone
1.3.2

Comments

@jekorhon
Copy link

Version of Apptainer

apptainer version 1.2.5

Expected behavior

Run the container without ERROR. Most likely apptainer doesn't have apparmor profile available.

Actual behavior

$ apptainer run xprotcas.sif -v
INFO   : A system administrator may need to enable user namespaces, install
INFO   :   apptainer-suid, or compile with ./mconfig --with-suid
ERROR  : Failed to create user namespace: Permission denied

Steps to reproduce this behavior

  1. Install clean Ubuntu 24.04 LTS daily image in virtual machine
  2. Install apptainer packages (without suid)
  3. Build aptainer image (working)
  4. Try to run the build image.

Workaround:

$ sudo sysctl -w kernel.apparmor_restrict_unprivileged_unconfined=0
$ sudo sysctl -w kernel.apparmor_restrict_unprivileged_userns=0

What OS/distro are you running

$ cat /etc/os-release
PRETTY_NAME="Ubuntu Noble Numbat (development branch)"
NAME="Ubuntu"
VERSION_ID="24.04"
VERSION="24.04 (Noble Numbat)"
VERSION_CODENAME=noble
ID=ubuntu
ID_LIKE=debian
HOME_URL="https://www.ubuntu.com/"
SUPPORT_URL="https://help.ubuntu.com/"
BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"
PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
UBUNTU_CODENAME=noble
LOGO=ubuntu-logo

How did you install Apptainer

From debian package that was available on releases page.
@DrDaveD DrDaveD added this to the 1.3.1 milestone Feb 16, 2024
@DrDaveD
Copy link
Contributor

DrDaveD commented Feb 16, 2024

Thanks for the report, but how do you install Ubuntu 24.04 LTS? It's not scheduled to be released until April 2024.

Relates to sylabs/singularity#2275.

@DrDaveD
Copy link
Contributor

DrDaveD commented Feb 16, 2024

Oh, there is a vagrant box for it.

@jekorhon
Copy link
Author

There is also daily builds available and we use it to test upcoming changes to our workstation infrastructure: https://cdimage.ubuntu.com/daily-live/20240217/

@DrDaveD DrDaveD modified the milestones: 1.3.1, 1.3.2 Apr 20, 2024
@MichaelHeimann
Copy link

put a file called BAR in "/etc/apparmor.d" with that contents

abi <abi/4.0>,
include <tunables/global>

profile BAR /home/michael/Downloads/Beyond-All-Reason-1.2988.0.AppImage flags=(unconfined) {
  userns,

  # Site-specific additions and overrides. See local/README for details.
  include if exists <local/BAR>
}

Of course, the path needs to be corrected to your AppImage location.
This way you don't need to lower systemwide security.

@DrDaveD
Copy link
Contributor

DrDaveD commented Apr 30, 2024
edited

Thanks. There's also now sample PRs we can use at sylabs/singularity#2852 and sylabs/singularity#2862 to save a little effort.

@afbjorklund afbjorklund mentioned this issue May 5, 2024
Closed
@afbjorklund
Copy link

Oh, there is a vagrant box for it.

Ubuntu no longer produces images for Vagrant (since it is not Open Source), but you can use Lima

@AndreWeiner AndreWeiner mentioned this issue May 6, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@JasonYangShadow JasonYangShadow

Labels
None yet
Projects
None yet
Milestone
1.3.2
Development

No branches or pull requests
5 participants
@JasonYangShadow @DrDaveD @MichaelHeimann @afbjorklund @jekorhon