Singularity 2.4.3 Release

@GodloveD GodloveD released this 06 Mar 16:43

EDIT:
Shortly after the release of Singularity 2.4.3 a community member discovered that a newly-added dependency increases the Singularity attack surface by unnecessarily linking the action-suid binary to libarchive, when compiled on specific Linux distributions. The only clean and fast way to correct this problem is to remove the new docker-extract functionality, which implements improved whiteout handling for docker containers. As a temporary fix, several git commits will be reverted, and a new 2.4.4 release will be created. This release will still include the remaining bug and security fixes from the 2.4.3 release. The docker-extract functionality will be re-implemented in a new version (tentatively 2.5) in a manner that will avoid the issue. We sincerely apologize for the confusion and inconvenience. Thank you for your patience.

Hello Singularity enthusiasts!

This is a bug fix point release to the 2.4 feature branch. It includes a number of bug fixes as well as a security-related fix that affects Singularity running on older kernels. If this security issue affects you (see below), you should consider this a high priority update:

Security related fixes

  • Close file descriptors pointing to a directory #1305

Details:
A malicious user may be able to keep a directory open within a container, pointing to anything on the host filesystem, in a manner that bypasses the security precautions already in place. Hosts that do not support the prctl() option PR_SET_NO_NEW_PRIVS are at risk. Most current distributions of Linux support this feature (e.g. RHEL6 with kernels newer than 2.6.32-504.16.2), and it is recommended to update to the latest upstream distribution release if you can.
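To check whether a host falls into the at-risk group, and to illustrate the kind of cleanup the fix title describes, here is an added example in C; it is not Singularity's code and not the change made in #1305. The function names `nnp_supported` and `close_directory_fds` are hypothetical, and the program assumes Linux with /proc mounted.

```c
#define _GNU_SOURCE
/* Added example (not Singularity's code): host probe plus directory-fd cleanup. */
#include <dirent.h>
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/prctl.h>
#include <sys/stat.h>
#include <unistd.h>

#ifndef PR_GET_NO_NEW_PRIVS
#define PR_GET_NO_NEW_PRIVS 39 /* value from linux/prctl.h, for old headers */
#endif

/* 1: kernel implements no_new_privs; 0: it does not (EINVAL); -1: other error. */
int nnp_supported(void) {
    if (prctl(PR_GET_NO_NEW_PRIVS, 0, 0, 0, 0) >= 0) return 1;
    return errno == EINVAL ? 0 : -1;
}

/* Close every descriptor above stderr that refers to a directory.
 * Returns the number closed, or -1 if /proc/self/fd cannot be read. */
int close_directory_fds(void) {
    DIR *d = opendir("/proc/self/fd");
    if (d == NULL) return -1;
    int self = dirfd(d), closed = 0;
    struct dirent *e;
    while ((e = readdir(d)) != NULL) {
        char *end;
        long fd = strtol(e->d_name, &end, 10);
        if (end == e->d_name || *end != '\0') continue;  /* "." and ".." */
        if (fd <= STDERR_FILENO || fd == self) continue; /* keep stdio and our own handle */
        struct stat st;
        if (fstat((int)fd, &st) == 0 && S_ISDIR(st.st_mode) && close((int)fd) == 0)
            closed++;
    }
    closedir(d);
    return closed;
}

int main(void) {
    int leaked = open("/", O_RDONLY | O_DIRECTORY); /* constructed leaked handle */
    printf("no_new_privs supported: %d\n", nnp_supported());
    printf("opened fd %d on /, closed %d directory fd(s)\n", leaked, close_directory_fds());
    printf("fd %d still open: %s\n", leaked, fcntl(leaked, F_GETFD) == -1 ? "no" : "yes");
    return 0;
}
```

A result of 0 from `nnp_supported` means the kernel predates PR_SET_NO_NEW_PRIVS, which is the host condition the release notes call out.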

Bug Fixes

  • Fix permission denied when binding directory located on NFS with root_squash enabled
  • Add capability to support all tar compression formats #1155
  • Handle docker layer aufs whiteout files correctly (requires libarchive).
  • Updated output of image.print command #1190
  • Fixed parsing of backslashes in apprun script #1189
  • Fixed parsing of arch keyword from definition file #1217
  • Fixed incompatibility between --pwd and --contain options #1259
  • Updated license information #1267
  • Fix non-root build from docker containers with non-writable file/dir permissions
  • Fix race condition between container exit and cleanupd while removing runtime directory

Please do remember to have fun!

And as always, report any bugs to:
https://github.com/singularityware/singularity/issues/new