[ARVADOS] updated: 2.1.0-2453-gf804c1b6c

Git user git at public.arvados.org
Fri May 13 15:14:42 UTC 2022


Summary of changes:
 tools/compute-images/scripts/base.sh | 3 +++
 1 file changed, 3 insertions(+)

       via  f804c1b6c884c75aa8dd73b60e1b3c0c3a23b4d1 (commit)
      from  e30b7ec3040cac89a2e134fddf8cb47c1905ea82 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.


commit f804c1b6c884c75aa8dd73b60e1b3c0c3a23b4d1
Author: Tom Clegg <tom at curii.com>
Date:   Fri May 13 11:13:42 2022 -0400

    19099: Add privileges to nsenter in compute image build script.
    
    Arvados-DCO-1.1-Signed-off-by: Tom Clegg <tom at curii.com>

diff --git a/tools/compute-images/scripts/base.sh b/tools/compute-images/scripts/base.sh
index c9fd0945d..5f0853e4a 100644
--- a/tools/compute-images/scripts/base.sh
+++ b/tools/compute-images/scripts/base.sh
@@ -142,6 +142,9 @@ fi
 # Print singularity version installed
 singularity --version
 
+# Elevate privileges for nsenter so container-shell can work with singularity (see #19099, #18993)
+setcap "cap_sys_admin+pei cap_sys_chroot+pei" "$(which nsenter)"
+
 # Remove unattended-upgrades if it is installed
 wait_for_apt_locks && $SUDO DEBIAN_FRONTEND=noninteractive apt-get -qq --yes remove unattended-upgrades --purge
 

-----------------------------------------------------------------------


hooks/post-receive
-- 




More information about the arvados-commits mailing list