[ARVADOS] updated: 2.1.0-2453-gf804c1b6c
Git user
git at public.arvados.org
Fri May 13 15:14:42 UTC 2022
Summary of changes:
tools/compute-images/scripts/base.sh | 3 +++
1 file changed, 3 insertions(+)
via f804c1b6c884c75aa8dd73b60e1b3c0c3a23b4d1 (commit)
from e30b7ec3040cac89a2e134fddf8cb47c1905ea82 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
commit f804c1b6c884c75aa8dd73b60e1b3c0c3a23b4d1
Author: Tom Clegg <tom at curii.com>
Date: Fri May 13 11:13:42 2022 -0400
19099: Add privileges to nsenter in compute image build script.
Arvados-DCO-1.1-Signed-off-by: Tom Clegg <tom at curii.com>
diff --git a/tools/compute-images/scripts/base.sh b/tools/compute-images/scripts/base.sh
index c9fd0945d..5f0853e4a 100644
--- a/tools/compute-images/scripts/base.sh
+++ b/tools/compute-images/scripts/base.sh
@@ -142,6 +142,9 @@ fi
# Print singularity version installed
singularity --version
+# Elevate privileges for nsenter so container-shell can work with singularity (see #19099, #18993)
+setcap "cap_sys_admin+pei cap_sys_chroot+pei" "$(which nsenter)"
+
# Remove unattended-upgrades if it is installed
wait_for_apt_locks && $SUDO DEBIAN_FRONTEND=noninteractive apt-get -qq --yes remove unattended-upgrades --purge
-----------------------------------------------------------------------
hooks/post-receive
--
More information about the arvados-commits
mailing list