From aff97085b1f6f059ebfe09ccf8861031f32cd25d Mon Sep 17 00:00:00 2001 From: gh-actions Date: Wed, 22 Nov 2023 20:25:13 +0000 Subject: [PATCH] Update main admindocs --- public/docs/admin/main/installation.html | 16 ++++++++-------- public/docs/admin/main/searchindex.js | 2 +- 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/public/docs/admin/main/installation.html b/public/docs/admin/main/installation.html index 5769bfe2f..66bda62c9 100644 --- a/public/docs/admin/main/installation.html +++ b/public/docs/admin/main/installation.html @@ -140,7 +140,7 @@

Installing Apptainer

This section will guide you through the process of installing -Apptainer 1.2.4 via several different methods. (For +Apptainer 1.2.5 via several different methods. (For instructions on installing earlier versions of Apptainer please see earlier versions of the docs.)

@@ -397,11 +397,11 @@

Install from GitHub release RPMs
$ sudo yum install -y https://github.com/apptainer/apptainer/releases/download/v1.2.4/apptainer-1.2.4-1.x86_64.rpm
+
$ sudo yum install -y https://github.com/apptainer/apptainer/releases/download/v1.2.5/apptainer-1.2.5-1.x86_64.rpm
 

 

 
For the setuid installation do above command first and then this one:

-
$ sudo yum install -y https://github.com/apptainer/apptainer/releases/download/v1.2.4/apptainer-suid-1.2.4-1.x86_64.rpm
+
$ sudo yum install -y https://github.com/apptainer/apptainer/releases/download/v1.2.5/apptainer-suid-1.2.5-1.x86_64.rpm
 

 

 

@@ -411,13 +411,13 @@ 
Install Debian packages
$ sudo apt update
 $ sudo apt install -y wget
 $ cd /tmp
-$ wget https://github.com/apptainer/apptainer/releases/download/v1.2.4/apptainer_1.2.4_amd64.deb
-$ sudo apt install -y ./apptainer_1.2.4_amd64.deb
+$ wget https://github.com/apptainer/apptainer/releases/download/v1.2.5/apptainer_1.2.5_amd64.deb
+$ sudo apt install -y ./apptainer_1.2.5_amd64.deb
 

 

 
For the setuid installation do above commands first and then these:

-
$ wget https://github.com/apptainer/apptainer/releases/download/v1.2.4/apptainer-suid_1.2.4_amd64.deb
-$ sudo dpkg -i ./apptainer-suid_1.2.4_amd64.deb
+
$ wget https://github.com/apptainer/apptainer/releases/download/v1.2.5/apptainer-suid_1.2.5_amd64.deb
+$ sudo dpkg -i ./apptainer-suid_1.2.5_amd64.deb
 

 

 

@@ -504,7 +504,7 @@ 
apptainer buildcfg
$ apptainer buildcfg
 PACKAGE_NAME=apptainer
-PACKAGE_VERSION=1.2.4
+PACKAGE_VERSION=1.2.5
 BUILDDIR=/home/dtrudg/Sylabs/Git/apptainer/builddir
 PREFIX=/usr/local
 EXECPREFIX=/usr/local
diff --git a/public/docs/admin/main/searchindex.js b/public/docs/admin/main/searchindex.js
index 45a6f2b98..dfd3688a9 100644
--- a/public/docs/admin/main/searchindex.js
+++ b/public/docs/admin/main/searchindex.js
@@ -1 +1 @@
-Search.setIndex({"docnames": ["admin_quickstart", "configfiles", "index", "installation", "license", "security", "singularity_migration", "user_namespace"], "filenames": ["admin_quickstart.rst", "configfiles.rst", "index.rst", "installation.rst", "license.rst", "security.rst", "singularity_migration.rst", "user_namespace.rst"], "titles": ["Admin Quick Start", "Apptainer Configuration Files", "Admin Guide", "Installing Apptainer", "License", "Security in Apptainer", "Migrating From Singularity", "User Namespaces & Fakeroot"], "terms": {"thi": [0, 1, 2, 3, 4, 6, 7], "give": [0, 1], "an": [0, 1, 6, 7], "overview": 0, "descript": [0, 1], "pointer": 0, "file": [0, 2, 5, 6, 7], "more": [0, 1, 2, 3, 5, 7], "inform": [0, 2, 3, 6], "includ": [0, 1, 3, 4, 7], "altern": [0, 3], "option": [0, 2, 3, 6, 7], "detail": [0, 1, 2, 3, 5, 7], "can": [0, 1, 3, 5, 6, 7], "found": [0, 1, 3], "later": 0, "guid": [0, 1, 3, 5, 6, 7], "i": [0, 1, 3, 4, 5, 6, 7], "design": 0, "allow": [0, 1, 3, 5, 7], "contain": [0, 3, 5, 7], "execut": [0, 3, 5], "thei": [0, 1, 3, 6, 7], "were": [0, 1, 7], "nativ": [0, 1, 3], "program": [0, 1, 3, 7], "script": [0, 3], "host": [0, 1, 3, 7], "system": [0, 2, 5, 6, 7], "No": 0, "daemon": [0, 7], "requir": [0, 1, 2], "build": [0, 1], "run": [0, 1, 3, 5, 7], "model": 0, "compat": [0, 1, 3, 5, 6], "share": [0, 1, 3], "As": [0, 1, 3], "result": [0, 3, 7], "integr": [0, 1, 3], "cluster": [0, 7], "schedul": [0, 1], "univa": 0, "grid": 0, "engin": 0, "torqu": 0, "slurm": 0, "sge": 0, "mani": [0, 1, 3, 7], "other": [0, 2, 3, 4, 5, 7], "simpl": [0, 3, 7], "ani": [0, 3, 4, 6, 7], "command": [0, 1, 3, 7], "all": [0, 1, 3, 4, 5, 6, 7], "standard": 0, "input": 0, "output": [0, 1], "error": [0, 1, 3, 7], "pipe": 0, "ipc": 0, "commun": [0, 1, 6], "pathwai": 0, "us": [0, 1, 2, 3, 4, 5, 7], "local": [0, 1, 3, 6, 7], "ar": [0, 1, 3, 4, 5, 6, 7], "synchron": [0, 7], "applic": [0, 1], "within": [0, 1, 6], "favor": 0, "over": [0, 1], "isol": [0, 1, 3, 7], "approach": [0, 1], "By": [0, 1, 3, 5, 7], "default": [0, 1, 3, 5, 6, 7], "onli": [0, 1, 3, 5, 7], "mount": [0, 3, 7], "user": [0, 1, 2, 3, 5, 6], "namespac": [0, 2, 3, 6], "so": [0, 1, 3, 5, 6, 7], "have": [0, 1, 3, 6, 7], "own": [0, 1, 7], "filesystem": 0, "view": [0, 3], "access": [0, 1, 3, 7], "hardwar": 0, "gpu": [0, 2, 3], "high": 0, "speed": [0, 1, 7], "network": [0, 2], "easi": 0, "doe": [0, 1, 3, 6, 7], "special": [0, 1, 4, 7], "home": [0, 1, 3], "directori": [0, 3, 6, 7], "tmp": [0, 1, 3], "space": [0, 3, 7], "specif": [0, 1, 3, 4], "make": [0, 1, 3, 6, 7], "benefit": 0, "from": [0, 1, 2, 4, 7], "reproduc": [0, 4], "container": [0, 1], "without": [0, 1, 3, 4, 5, 7], "major": [0, 1], "chang": [0, 1, 3, 6, 7], "exist": [0, 1, 7], "workflow": [0, 1], "where": [0, 1, 3, 7], "complet": [0, 1, 7], "import": [0, 1, 2, 3, 6, 7], "addit": [0, 3, 7], "linux": [0, 1, 2, 6, 7], "resourc": [0, 1, 5], "limit": [0, 4, 5], "accomplish": 0, "see": [0, 1, 2, 3, 4, 5, 6, 7], "section": [0, 1, 3, 5, 6, 7], "sourc": [0, 1, 4, 6], "directli": [0, 1, 3], "rpm": [0, 1, 6], "debian": [0, 5], "packag": [0, 1, 6, 7], "download": [0, 3], "pre": [0, 6], "built": 0, "distribut": [0, 1, 3, 4, 7], "mai": [0, 1, 3, 4, 6, 7], "also": [0, 1, 3, 6, 7], "up": [0, 1, 3, 7], "date": 0, "upstream": 0, "version": [0, 1, 3], "github": [0, 1], "To": [0, 1, 3, 7], "follow": [0, 1, 3, 4, 5, 7], "instruct": [0, 2, 3], "md": [0, 1, 3], "method": [0, 1, 3, 7], "discuss": [0, 1, 3, 7], "under": [0, 1, 3, 6], "etc": [0, 1, 3, 5, 6, 7], "your": [0, 1, 3, 6, 7], "prefix": [0, 1, 3, 6], "syconfdir": 0, "you": [0, 1, 3, 6, 7], "mconfig": [0, 3], "In": [0, 1, 3, 6, 7], "set": [0, 1, 3, 5, 7], "find": [0, 1, 3, 6, 7], "them": [0, 1, 3, 5, 7], "usr": [0, 1, 3, 6], "deb": [0, 1, 3, 6], "edit": [0, 7], "config": [0, 1, 3, 6], "global": [0, 1], "root": [0, 1, 3, 5, 6, 7], "manag": [0, 3, 5, 7], "conf": [0, 2, 3, 6, 7], "control": [0, 1, 5], "runtim": [0, 1, 2, 3, 6, 7], "behavior": [0, 6], "head": [0, 3], "small": 0, "alpin": [0, 1, 3], "exec": [0, 1, 3], "docker": [0, 3, 7], "cat": [0, 3, 7], "releas": [0, 7], "3": [0, 1, 3, 4, 7], "9": [0, 3], "2": [0, 1, 3, 7], "about": [0, 1, 2, 3, 6], "how": [0, 1, 2, 3, 5, 6, 7], "administr": [1, 2, 5, 6, 7], "variou": 1, "let": 1, "secur": [1, 2, 3, 6, 7], "restrict": [1, 3, 5, 7], "when": [1, 3, 5, 6, 7], "instal": [1, 2, 6, 7], "across": [1, 3], "though": [1, 3, 7], "locat": [1, 3, 6], "differ": [1, 3, 7], "base": [1, 5, 6, 7], "pass": [1, 6], "dure": [1, 3, 6, 7], "For": [1, 3, 4, 5, 7], "describ": [1, 7], "paramet": [1, 5, 6, 7], "most": [1, 3, 7], "defin": [1, 7], "entir": 1, "influenc": 1, "function": [1, 3, 7], "measur": 1, "must": [1, 3, 4, 7], "writabl": [1, 3], "refus": 1, "case": [1, 3, 6, 7], "non": [1, 7], "ever": 1, "privileg": [1, 3, 7], "thu": 1, "do": [1, 3, 7], "The": [1, 3, 6, 7], "via": [1, 3, 7], "list": [1, 3, 4, 5], "below": [1, 3, 7], "group": [1, 7], "togeth": 1, "relev": 1, "actual": [1, 7], "order": [1, 3, 7], "featur": [1, 2, 3], "need": [1, 6, 7], "some": [1, 3, 7], "call": [1, 3, 7], "achiev": 1, "helper": 1, "bit": [1, 7], "enabl": [1, 3, 5, 6], "disabl": [1, 2, 3], "abil": [1, 7], "util": [1, 7], "ye": [1, 7], "suid": [1, 3, 6, 7], "which": [1, 3, 6, 7], "kept": 1, "known": 1, "mode": [1, 3, 7], "full": [1, 3], "maintain": [1, 3], "same": [1, 3, 6, 7], "keep": 1, "priv": 1, "grant": [1, 5, 7], "individu": 1, "launch": 1, "through": [1, 3, 7], "add": [1, 3, 7], "cap": 1, "drop": 1, "flag": [1, 5], "pleas": [1, 3, 5, 6, 7], "facilit": 1, "sif": [1, 3, 5, 7], "imag": [1, 3], "max": 1, "admin": 1, "total": 1, "number": [1, 3, 7], "consum": 1, "given": 1, "time": [1, 7], "singl": [1, 3], "minim": [1, 6, 7], "usag": [1, 3, 5], "help": [1, 6], "optim": 1, "kernel": [1, 3, 7], "cach": 1, "particularli": 1, "mpi": 1, "job": 1, "pid": 1, "n": 1, "determin": 1, "leverag": 1, "confus": 1, "process": [1, 3, 7], "track": 1, "well": 1, "implement": 1, "automat": [1, 3, 6, 7], "creat": [1, 3, 7], "modifi": [1, 6], "sever": [1, 3], "eas": 1, "These": 1, "effect": 1, "overlai": [1, 7], "underlai": 1, "passwd": 1, "should": [1, 3, 6], "append": 1, "entri": [1, 3, 7], "": [1, 3, 5, 7], "resolv_conf": 1, "resolv": 1, "sessiondir": [1, 3], "size": [1, 3, 7], "temporari": [1, 3], "assembl": 1, "compon": [1, 6, 7], "hold": [1, 3], "written": [1, 4], "tmpf": [1, 3], "plu": 1, "valu": [1, 7], "64mib": 1, "If": [1, 3, 6, 7], "commonli": [1, 7], "increas": 1, "accommod": 1, "grow": 1, "specifi": [1, 7], "maximum": [1, 3], "alloc": [1, 7], "ahead": 1, "proc": 1, "sy": 1, "dev": 1, "want": [1, 3, 6, 7], "tree": [1, 3], "null": 1, "zero": 1, "random": 1, "urandom": 1, "shm": 1, "devpt": 1, "new": [1, 3, 6, 7], "instanc": [1, 3], "explain": 1, "abov": [1, 3, 4, 7], "either": [1, 6], "config_devpts_multiple_inst": 1, "y": [1, 3], "newer": [1, 5], "than": [1, 3, 7], "4": [1, 3, 7], "7": 1, "attempt": [1, 3, 7], "var": [1, 3], "both": [1, 3], "workdir": 1, "hostf": 1, "caus": [1, 4, 6], "probe": 1, "those": [1, 7], "slave": 1, "hand": 1, "propag": 1, "autof": 1, "occur": [1, 3], "reflect": 1, "f": 1, "type": [1, 3, 7], "choos": [1, 3], "primarili": 1, "like": [1, 3, 6, 7], "crai": 1, "cle": 1, "5": [1, 3, 7], "6": 1, "0": [1, 3, 7], "up05": 1, "issu": [1, 3, 6], "panic": 1, "affect": [1, 3, 7], "recommend": [1, 3, 6, 7], "ramf": 1, "avoid": 1, "path": [1, 3], "made": [1, 3, 7], "avail": [1, 3, 7], "successfulli": 1, "ignor": 1, "invok": 1, "point": [1, 3, 7], "destin": 1, "ident": [1, 6], "localtim": 1, "Or": 1, "colon": 1, "nsswitch": 1, "decid": [1, 6], "mean": [1, 3, 6], "scratch": 1, "There": [1, 3, 7], "wai": [1, 3, 4, 7], "stricter": 1, "check": [1, 7], "out": [1, 4, 6], "owner": 1, "appli": [1, 5, 6], "permit": [1, 4, 7], "deni": [1, 3], "unencrypt": 1, "encrypt": 1, "squashf": 1, "bare": [1, 3], "e": [1, 3, 6, 7], "g": [1, 3, 6], "singular": [1, 2], "x": 1, "extf": 1, "ext": 1, "dir": [1, 3], "sandbox": [1, 3], "insid": [1, 3, 7], "outsid": [1, 7], "ext3": 1, "reason": 1, "unlik": 1, "virtual": [1, 3], "unrestrict": 1, "certain": [1, 3], "disrupt": 1, "environ": 1, "net": [1, 7], "administ": [1, 7], "except": [1, 6], "fakeroot": [1, 2, 6], "40_fakeroot": [1, 7], "conflist": [1, 7], "name": [1, 4, 6, 7], "direct": [1, 4, 7], "provid": [1, 3, 4, 7], "workload": 1, "seamlessli": 1, "checkout": 1, "alwai": [1, 3], "nv": [1, 3], "everi": 1, "action": 1, "shell": [1, 3, 7], "implicitli": 1, "ad": 1, "fusemount": 1, "fuse": [1, 7], "try": [1, 3, 7], "overlayf": [1, 3, 7], "fail": 1, "silent": 1, "fatal": 1, "effici": 1, "gener": [1, 3, 7], "desir": 1, "just": 1, "instead": [1, 3, 6, 7], "suitabl": 1, "possibl": [1, 3, 4, 5, 7], "work": [1, 2, 3, 7], "custom": [1, 3], "replac": [1, 3], "whenev": [1, 7], "isn": 1, "t": [1, 3, 7], "veri": 1, "basic": [1, 3], "flow": [1, 3], "pull": [1, 3], "multipl": [1, 3, 7], "part": [1, 6, 7], "v": [1, 3], "stream": 1, "appropri": [1, 7], "api": 1, "registri": 1, "tune": 1, "condit": [1, 4], "server": [1, 3], "cloud": [1, 3], "each": [1, 3, 7], "byte": 1, "buffer": 1, "transfer": 1, "systemd": [1, 5, 7], "whether": [1, 4], "v2": [1, 5], "unprivileg": [1, 5, 7], "cgroupf": 1, "ha": [1, 3, 6, 7], "get": 1, "reset": 1, "unset": 1, "It": [1, 3, 6, 7], "note": [1, 3, 6], "elev": 1, "becaus": [1, 3, 6], "we": [1, 3, 6, 7], "first": [1, 3, 5, 7], "current": [1, 3, 7], "our": 1, "sudo": [1, 3, 7], "now": [1, 7], "verifi": [1, 6], "wa": [1, 7], "here": [1, 5, 7], "remov": [1, 3, 6, 7], "And": [1, 3], "back": [1, 7], "origin": [1, 3, 7], "test": [1, 2], "what": [1, 7], "would": [1, 3], "look": [1, 7], "dry": 1, "conjunct": 1, "write": 1, "been": [1, 6, 7], "had": 1, "string": 1, "undefin": 1, "attach": 1, "respect": [1, 6], "otherwis": [1, 3, 4, 7], "dest": 1, "did": 1, "meter": 1, "rate": 1, "block": [1, 7], "node": [1, 3, 7], "two": [1, 3, 7], "common": [1, 3], "v1": [1, 3, 5], "separ": [1, 3, 6], "hierarchi": 1, "per": 1, "class": 1, "unifi": 1, "simplifi": 1, "structur": [1, 3], "document": [1, 4, 5, 6, 7], "www": 1, "org": [1, 4], "doc": [1, 3], "txt": 1, "repres": 1, "oci": [1, 3], "spec": 1, "com": [1, 3], "opencontain": 1, "blob": 1, "master": 1, "On": [1, 3, 5], "translat": 1, "ebpf": 1, "request": [1, 7], "take": [1, 6, 7], "my_contain": 1, "amount": [1, 3], "500mb": 1, "524288000": 1, "start": [1, 3, 7], "strategi": 1, "correspond": [1, 6], "ratio": 1, "versu": 1, "usual": 1, "1024": [1, 3], "That": [1, 3, 6, 7], "50": 1, "512": 1, "A": [1, 3, 4, 7], "its": [1, 4, 6, 7], "enough": 1, "idl": 1, "cycl": 1, "due": [1, 7], "conserv": 1, "natur": 1, "even": [1, 3, 4, 7], "conflict": [1, 3], "quota": 1, "period": 1, "enforc": [1, 5], "hard": 1, "100m": 1, "100000u": 1, "20m": 1, "100000": [1, 7], "20000": 1, "mem": 1, "core": 1, "associ": 1, "field": 1, "1": [1, 3, 7], "o": [1, 5], "compet": 1, "blockio": 1, "weight": 1, "1000": [1, 7], "leafweight": 1, "accept": 1, "between": [1, 7], "10": [1, 3, 7], "until": 1, "unless": 1, "overridden": 1, "rule": [1, 5], "relat": [1, 3], "purpos": [1, 4], "heavili": 1, "weigh": 1, "task": [1, 7], "while": [1, 3, 6], "child": 1, "minor": 1, "overrid": 1, "loop0": 1, "loop1": 1, "weightdevic": 1, "100": 1, "read": [1, 3], "absolut": 1, "16mb": 1, "second": 1, "throttlereadbpsdevic": 1, "16777216": 1, "throttlewritebpsdevic": 1, "valid": 1, "constraint": [1, 6], "howev": [1, 3, 4, 6], "rather": [1, 7], "sign": [1, 5], "author": [1, 5], "against": 1, "entiti": 1, "lock": 1, "down": [1, 7], "fulli": 1, "bypass": 1, "execgroup": 1, "tagnam": 1, "group2": 1, "whitelist": 1, "dirpath": 1, "keyfp": 1, "7064b1d6eff01b1262fed3f03581d99fe87eafd1": 1, "mention": 1, "three": 1, "whitestrict": 1, "long": [1, 3, 5], "one": [1, 3, 7], "blacklist": 1, "whose": 1, "older": [1, 3], "temporarili": [1, 7], "legaci": 1, "signatur": [1, 5], "legacyinsecur": 1, "true": [1, 7], "keyr": 1, "verif": 1, "export": 1, "privat": [1, 3, 7], "store": [1, 3, 6], "sysconfdir": [1, 3], "pgp": 1, "properli": 1, "inject": 1, "driver": [1, 3], "match": [1, 3, 7], "opencl": 1, "depend": [1, 3, 7], "comput": [1, 3], "framework": 1, "nvliblist": 1, "11": [1, 3, 5, 7], "further": [1, 5], "filenam": 1, "xxxx": 1, "form": [1, 4, 7], "ldconfig": 1, "p": [1, 7], "exectu": 1, "search": 1, "tool": [1, 3], "offici": 1, "target": [1, 3], "nvccli": 1, "setup": [1, 5, 7], "cannot": [1, 3, 7], "oper": [1, 3, 7], "perform": [1, 3, 6, 7], "broadli": 1, "similar": [1, 6], "carri": 1, "rocmliblist": 1, "rocmlist": 1, "basenam": 1, "bound": 1, "put": 1, "ensur": [1, 7], "permiss": [1, 3, 4], "exclud": 1, "smi": 1, "rocminfo": 1, "libnam": 1, "lib": [1, 3, 7], "end": [1, 3], "libamd_comgr": 1, "libcomgr": 1, "libcxlactivitylogg": 1, "receiv": 1, "warn": 1, "ld": 1, "extrem": 1, "recogn": 1, "level": 1, "break": 1, "becom": [1, 7], "toward": 1, "architectur": [1, 2, 3], "develop": [1, 3], "might": [1, 7], "attack": 1, "surfac": 1, "normal": [1, 3, 7], "good": [1, 4], "multi": 1, "tenant": 1, "hpc": 1, "better": [1, 3], "revok": [1, 5], "basi": 1, "u": 1, "suppos": 1, "pinger": 1, "open": [1, 3], "raw": [1, 3], "socket": 1, "ping": 1, "cap_net_raw": 1, "advantag": [1, 7], "sylab": [1, 3, 4], "ubuntu_p": 1, "c": [1, 3, 4, 7], "8": [1, 3, 7], "56": 1, "84": 1, "data": [1, 4], "64": 1, "icmp_seq": 1, "ttl": 1, "52": 1, "73": 1, "m": 1, "statist": 1, "packet": 1, "transmit": 1, "loss": [1, 4], "0m": 1, "rtt": 1, "min": 1, "avg": 1, "mdev": 1, "178": 1, "000": 1, "longer": [1, 7], "necessari": [1, 7], "tri": 1, "subcommand": 1, "insensit": 1, "keyword": 1, "man": [1, 3, 7], "page": [1, 7], "filter": 1, "being": [1, 3, 6, 7], "alon": 1, "smaller": 1, "defaultact": 1, "scmp_act_allow": 1, "scmp_act_errno": 1, "thread": 1, "return": 1, "errno": 1, "syscal": 1, "david": 1, "my": [1, 3], "insight": 1, "userdoc": 1, "appendix": 1, "wide": 1, "typic": [1, 6], "vari": [1, 3], "login": [1, 7], "account": 1, "authent": 1, "premis": 1, "fresh": 1, "defaultremot": 1, "openpgp": 1, "compani": 1, "enterpris": [1, 3], "info": [1, 3], "detect": 1, "Will": 1, "log": 1, "convers": [1, 6], "onc": [1, 3], "copi": [1, 3, 6], "modif": [1, 4], "themselv": 1, "usabl": 1, "servic": [1, 3, 4, 7], "uri": 1, "activ": [1, 7], "NO": [1, 4], "myremot": 1, "expos": [1, 3], "discoveri": 1, "connect": 1, "protocol": 1, "url": [1, 3], "formerli": 1, "ora": 1, "unnecessari": 1, "still": [1, 3, 7], "previou": 1, "befor": [1, 3], "anonym": 1, "sylabscloud": 1, "sycloud": 1, "product": [1, 3, 4], "correl": 1, "checkpoint": [1, 6], "dmctp": 1, "restart": [1, 7], "mark": 1, "flexibl": [1, 3], "feedback": 1, "warrant": 1, "improv": 1, "overal": 1, "matur": 1, "arrai": 1, "bin": [1, 3, 7], "dmtcp_command": 1, "dmtcp_discover_rm": 1, "dmtcp_launch": 1, "libdmtcp_alloc": 1, "libdmtcp_dl": 1, "libdmtcp_modifi": 1, "env": 1, "welcom": 2, "apptain": [2, 4, 6, 7], "aim": 2, "cover": 2, "configur": [2, 6], "topic": 2, "quickstart": 2, "window": 2, "mac": 2, "migrat": 2, "cgroup": [2, 5], "toml": 2, "ecl": 2, "librari": [2, 3, 6], "capabl": [2, 5], "json": 2, "seccomp": [2, 5], "profil": [2, 3, 7], "remot": [2, 3, 6], "yaml": [2, 6], "dmtcp": 2, "rootless": [2, 3, 5], "licens": 2, "earlier": 3, "modern": 3, "metal": 3, "machin": 3, "often": 3, "nest": 3, "anoth": [3, 6, 7], "150mib": 3, "disk": 3, "compil": 3, "cpu": [3, 5], "memori": 3, "least": [3, 7], "2gb": 3, "ram": 3, "minimum": 3, "18": [3, 7], "1127": [3, 7], "rhel7": [3, 7], "setuid": [3, 6, 7], "bind": 3, "persist": [3, 7], "sure": 3, "familiar": 3, "top": [3, 7], "rhel": 3, "unabl": 3, "correctli": 3, "rocm": 3, "suppli": 3, "identifi": [3, 7], "sbin": 3, "parallel": 3, "localstatedir": 3, "tmpdir": 3, "apptainer_tmpdir": 3, "wherev": 3, "neglig": [3, 4], "1mib": 3, "construct": 3, "combin": [3, 7], "Not": 3, "aspect": 3, "referenc": 3, "lowerdir": 3, "act": [3, 7], "abl": [3, 5, 7], "upperdir": 3, "merg": 3, "onto": 3, "subuid": [3, 7], "subgid": [3, 7], "ext4": 3, "xf": 3, "problem": 3, "id": [3, 7], "fileserv": 3, "probabl": 3, "don": [3, 7], "layer": 3, "apptainer_cachedir": 3, "variabl": 3, "uniqu": 3, "suffici": 3, "anticip": 3, "concurr": 3, "safe": 3, "overlap": [3, 7], "expect": 3, "posix": 3, "topologi": 3, "exampl": [3, 5, 7], "mdt": 3, "client": 3, "step": [3, 5, 7], "independ": 3, "fetch": 3, "disallow": 3, "red": 3, "hat": 3, "deriv": [3, 4], "suse": 3, "opensus": 3, "easiest": 3, "curl": 3, "http": [3, 4], "githubusercont": 3, "main": 3, "sh": [3, 7], "few": [3, 7], "aren": 3, "rpm2cpio": 3, "cpio": 3, "pick": 3, "correct": 3, "oldest": 3, "old": [3, 6], "prebuilt": 3, "varieti": 3, "repositori": 3, "yum": 3, "Then": 3, "x86_64": 3, "immedi": 3, "after": [3, 6], "amd64": 3, "apt": 3, "updat": [3, 6, 7], "wget": 3, "cd": [3, 7], "apptainer_1": 3, "4_amd64": 3, "suid_1": 3, "dpkg": 3, "ppa": 3, "person": 3, "archiv": 3, "arm64": 3, "softwar": [3, 4], "properti": 3, "obtain": 3, "desktop": 3, "skip": 3, "move": [3, 6], "continu": 3, "reloc": 3, "ownership": [3, 7], "enjoi": 3, "assum": 3, "bashrc": 3, "adjust": 3, "cento": 3, "easili": 3, "upgrad": [3, 6], "debian_packag": 3, "show": [3, 7], "confirm": [3, 7], "troubleshoot": 3, "package_nam": 3, "package_vers": 3, "builddir": 3, "dtrudg": 3, "git": 3, "execprefix": 3, "bindir": 3, "sbindir": 3, "libexecdir": 3, "libexec": 3, "datarootdir": 3, "datadir": 3, "sharedstatedir": 3, "runstatedir": 3, "includedir": 3, "docdir": 3, "infodir": 3, "libdir": 3, "localedir": 3, "mandir": 3, "apptainer_confdir": 3, "mnt": 3, "session": 3, "plugin_rootdir": 3, "plugin": 3, "apptainer_conf_fil": 3, "apptainer_suid_instal": 3, "storag": 3, "codebas": 3, "ci": 3, "code": [3, 4], "lint": 3, "unit": 3, "e2": 3, "exercis": 3, "larg": [3, 7], "cli": 3, "nc": 3, "starter": 3, "incompat": 3, "contrari": 3, "popular": 3, "misconcept": 3, "maco": 3, "darwin": 3, "fork": 3, "bsd": [3, 4], "platform": 3, "box": 3, "hashicorp": 3, "vm": 3, "choic": 3, "select": 3, "virtualbox": 3, "hyper": 3, "wsl": 3, "homebrew": 3, "manual": [3, 6, 7], "fssl": 3, "brew": 3, "cask": 3, "init": 3, "vagrantfil": 3, "36": 3, "vb": 3, "provis": [3, 7], "inlin": 3, "ssh": 3, "qemu": 3, "limactl": 3, "templat": 3, "subject": 4, "claus": 4, "copyright": 4, "contributor": 4, "project": [4, 6, 7], "establish": 4, "seri": 4, "lf": 4, "llc": 4, "websit": [4, 5], "term": 4, "trademark": 4, "polici": 4, "privaci": 4, "lfproject": 4, "2018": 4, "2023": 4, "inc": 4, "right": 4, "reserv": [4, 7], "2017": 4, "singularitywar": 4, "redistribut": 4, "binari": [4, 7], "met": 4, "retain": 4, "notic": [4, 7], "disclaim": 4, "materi": 4, "neither": 4, "holder": 4, "nor": 4, "endors": 4, "promot": 4, "prior": [4, 7], "BY": 4, "THE": 4, "AND": 4, "AS": 4, "express": 4, "OR": 4, "impli": 4, "warranti": 4, "BUT": 4, "NOT": 4, "TO": 4, "OF": 4, "merchant": 4, "fit": 4, "FOR": 4, "particular": [4, 6], "IN": 4, "event": 4, "shall": 4, "BE": 4, "liabl": 4, "indirect": 4, "incident": 4, "exemplari": 4, "consequenti": 4, "damag": 4, "procur": 4, "substitut": 4, "profit": 4, "busi": 4, "interrupt": 4, "ON": 4, "theori": 4, "liabil": 4, "contract": 4, "strict": 4, "tort": 4, "aris": 4, "IF": 4, "advis": [4, 7], "SUCH": 4, "who": 5, "kei": 5, "harden": 5, "apparmor": 5, "deleg": 5, "el9": 5, "ubuntu": 5, "22": 5, "04": 5, "fedora": 5, "31": 5, "el8": 5, "20": 5, "cpuset": 5, "sinc": 6, "foundat": 6, "goal": 6, "impact": [6, 7], "experi": 6, "reach": 6, "place": 6, "alreadi": 6, "could": 6, "prevent": 6, "produc": 6, "messag": 6, "cleanup": 6, "incomplet": 6, "format": [6, 7], "counterpart": 6, "renam": 6, "comment": [6, 7], "content": 6, "around": 6, "simpli": 6, "care": 6, "wipe": 6, "big": 6, "higher": 6, "risk": [6, 7], "consid": [6, 7], "restor": 6, "uid": 7, "1001": 7, "pro": 7, "con": 7, "creation": 7, "support": 7, "equival": 7, "backport": 7, "addition": 7, "sysctl": 7, "line": 7, "consult": 7, "vendor": 7, "echo": 7, "unprivileged_userns_clon": 7, "d": 7, "90": 7, "unprivileged_usern": 7, "max_user_namespac": 7, "15000": 7, "exploit": 7, "almost": 7, "last": 7, "year": 7, "therefor": 7, "substanti": 7, "reduc": 7, "urgent": 7, "vulner": 7, "announc": 7, "max_net_namespac": 7, "littl": 7, "begin": 7, "unfortun": 7, "podman": 7, "privatenetwork": 7, "turn": 7, "off": 7, "hostnam": 7, "mkdir": 7, "statu": 7, "systemctl": 7, "reload": 7, "appear": 7, "emul": 7, "refer": 7, "assist": 7, "enhanc": 7, "rest": 7, "done": 7, "less": 7, "again": 7, "gid": 7, "unus": 7, "rang": 7, "manipul": 7, "handl": 7, "itself": 7, "With": 7, "extern": 7, "newuidmap": 7, "newgidmap": 7, "reli": 7, "real": 7, "vacant": 7, "remap": 7, "understand": 7, "foo": 7, "65536": 7, "usernam": 7, "useradd": 7, "addus": 7, "glibc": 7, "nss": 7, "switch": 7, "mechan": 7, "ldap": 7, "larger": 7, "bar": 7, "165536": 7, "sub": 7, "165535": 7, "231071": 7, "confin": 7, "wish": 7, "10000": 7, "pars": 7, "penalti": 7, "benchmark": 7, "shown": 7, "20x": 7, "happen": 7, "100001": 7, "veth": 7, "pair": 7, "implic": 7, "manner": 7, "sensit": 7, "deploi": 7, "arrang": 7, "At": 7, "central": 7, "dave": 7, "4294836224": 7, "32": 7, "subsequ": 7, "prefer": 7, "faster": 7, "lookup": 7, "r": 7, "assign": 7, "remain": 7, "uncom": 7, "re": 7}, "objects": {}, "objtypes": {}, "objnames": {}, "titleterms": {"admin": [0, 2], "quick": 0, "start": 0, "architectur": 0, "apptain": [0, 1, 3, 5], "secur": [0, 5], "instal": [0, 3], "configur": [0, 1, 3, 5, 7], "test": [0, 3], "file": [1, 3], "conf": 1, "setuid": 1, "capabl": 1, "loop": 1, "devic": 1, "namespac": [1, 7], "option": [1, 5], "session": 1, "directori": 1, "system": [1, 3], "mount": 1, "bind": 1, "manag": 1, "limit": [1, 3], "contain": 1, "execut": 1, "network": [1, 3, 7], "gpu": 1, "supplement": 1, "filesystem": [1, 3, 7], "cni": 1, "plugin": 1, "extern": 1, "binari": [1, 3], "concurr": 1, "download": 1, "cgroup": 1, "updat": 1, "exampl": 1, "toml": 1, "memori": 1, "cpu": 1, "io": 1, "other": 1, "ecl": 1, "public": 1, "kei": 1, "librari": 1, "nvidia": 1, "cuda": 1, "experiment": 1, "cli": 1, "support": [1, 3], "amd": 1, "radeon": 1, "rocm": 1, "liblist": 1, "format": 1, "json": 1, "seccomp": 1, "profil": 1, "remot": 1, "yaml": 1, "endpoint": 1, "exclus": 1, "insecur": 1, "http": 1, "restor": 1, "pre": [1, 3], "behavior": 1, "addit": 1, "inform": 1, "keyserv": 1, "dmtcp": 1, "guid": 2, "linux": 3, "requir": [3, 7], "non": 3, "standard": 3, "ldconfig": 3, "nix": 3, "guix": 3, "environ": 3, "overlai": 3, "fakeroot": [3, 7], "uid": 3, "gid": 3, "map": [3, 7], "cach": 3, "atom": 3, "renam": 3, "nf": 3, "lustr": 3, "gpf": 3, "panf": 3, "fuse": 3, "base": 3, "unprivileg": 3, "from": [3, 6], "built": 3, "packag": 3, "rpm": 3, "epel": 3, "fedora": 3, "github": 3, "releas": 3, "debian": [3, 7], "ubuntu": 3, "sourc": 3, "relocat": 3, "bash": 3, "complet": 3, "build": 3, "an": 3, "check": 3, "buildcfg": 3, "suit": 3, "window": 3, "mac": 3, "vagrant": 3, "lima": 3, "licens": 4, "runtim": 5, "migrat": 6, "singular": 6, "user": 7, "rhel": 7, "cento": 7, "7": 7, "disabl": 7, "rootless": 7, "featur": 7, "basic": 7, "consider": 7, "config": 7, "ad": 7, "delet": 7, "enabl": 7}, "envversion": {"sphinx.domains.c": 2, "sphinx.domains.changeset": 1, "sphinx.domains.citation": 1, "sphinx.domains.cpp": 8, "sphinx.domains.index": 1, "sphinx.domains.javascript": 2, "sphinx.domains.math": 2, "sphinx.domains.python": 3, "sphinx.domains.rst": 2, "sphinx.domains.std": 2, "sphinx": 57}, "alltitles": {"Admin Quick Start": [[0, "admin-quick-start"]], "Architecture of Apptainer": [[0, "architecture-of-apptainer"]], "Apptainer Security": [[0, "apptainer-security"]], "Installation": [[0, "installation"]], "Configuration": [[0, "configuration"]], "Testing": [[0, "testing"]], "Apptainer Configuration Files": [[1, "apptainer-configuration-files"]], "apptainer.conf": [[1, "apptainer-conf"]], "Setuid and Capabilities": [[1, "setuid-and-capabilities"]], "Loop Devices": [[1, "loop-devices"]], "Namespace Options": [[1, "namespace-options"]], "Configuration Files": [[1, "configuration-files"]], "Session Directory and System Mounts": [[1, "session-directory-and-system-mounts"]], "Bind Mount Management": [[1, "bind-mount-management"]], "Limiting Container Execution": [[1, "limiting-container-execution"]], "Networking Options": [[1, "networking-options"]], "GPU Options": [[1, "gpu-options"]], "Supplemental Filesystems": [[1, "supplemental-filesystems"]], "CNI Configuration and Plugins": [[1, "cni-configuration-and-plugins"]], "External Binaries": [[1, "external-binaries"]], "Concurrent Downloads": [[1, "concurrent-downloads"]], "Cgroups Options": [[1, "cgroups-options"]], "Updating Configuration Options": [[1, "updating-configuration-options"]], "Example": [[1, "example"]], "cgroups.toml": [[1, "cgroups-toml"]], "Examples": [[1, "examples"]], "Limiting memory": [[1, "limiting-memory"]], "Limiting CPU": [[1, "limiting-cpu"]], "Limiting IO": [[1, "limiting-io"]], "Other limits": [[1, "other-limits"]], "ecl.toml": [[1, "ecl-toml"]], "Managing ECL public keys": [[1, "managing-ecl-public-keys"]], "GPU Library Configuration": [[1, "gpu-library-configuration"]], "NVIDIA GPUs / CUDA": [[1, "nvidia-gpus-cuda"]], "Experimental nvidia-container-cli Support": [[1, "experimental-nvidia-container-cli-support"]], "AMD Radeon GPUs / ROCm": [[1, "amd-radeon-gpus-rocm"]], "GPU liblist format": [[1, "gpu-liblist-format"]], "capability.json": [[1, "capability-json"]], "seccomp-profiles": [[1, "seccomp-profiles"]], "remote.yaml": [[1, "remote-yaml"]], "Remote Endpoints": [[1, "remote-endpoints"]], "Exclusive Endpoint": [[1, "exclusive-endpoint"]], "Insecure (HTTP) Endpoints": [[1, "insecure-http-endpoints"]], "Restoring pre-Apptainer library behavior": [[1, "restoring-pre-apptainer-library-behavior"]], "Additional Information": [[1, "additional-information"]], "Keyserver Configuration": [[1, "keyserver-configuration"]], "dmtcp-conf.yaml": [[1, "dmtcp-conf-yaml"]], "Admin Guide": [[2, "admin-guide"]], "Installing Apptainer": [[3, "installing-apptainer"]], "Installation on Linux": [[3, "installation-on-linux"]], "System Requirements": [[3, "system-requirements"]], "Non-standard ldconfig / Nix & Guix Environments": [[3, "non-standard-ldconfig-nix-guix-environments"]], "Filesystem support / limitations": [[3, "filesystem-support-limitations"]], "Overlay support": [[3, "overlay-support"]], "Fakeroot with uid/gid mapping on Network filesystems": [[3, "fakeroot-with-uid-gid-mapping-on-network-filesystems"]], "Apptainer cache / atomic rename": [[3, "apptainer-cache-atomic-rename"]], "NFS": [[3, "nfs"]], "Lustre / GPFS / PanFS": [[3, "lustre-gpfs-panfs"]], "FUSE-based filesystems": [[3, "fuse-based-filesystems"]], "Install unprivileged from pre-built binaries": [[3, "install-unprivileged-from-pre-built-binaries"]], "Install from pre-built packages": [[3, "install-from-pre-built-packages"]], "Install RPM from EPEL or Fedora": [[3, "install-rpm-from-epel-or-fedora"]], "Install from GitHub release RPMs": [[3, "install-from-github-release-rpms"]], "Install Debian packages": [[3, "install-debian-packages"]], "Install Ubuntu packages": [[3, "install-ubuntu-packages"]], "Install from Source": [[3, "install-from-source"]], "Relocatable Installation": [[3, "relocatable-installation"]], "Source bash completion file": [[3, "source-bash-completion-file"]], "Build an RPM": [[3, "build-an-rpm"]], "Build a Debian package": [[3, "build-a-debian-package"]], "Testing & Checking the Build Configuration": [[3, "testing-checking-the-build-configuration"]], "apptainer buildcfg": [[3, "apptainer-buildcfg"]], "Test Suite": [[3, "test-suite"]], "Installation on Windows or Mac": [[3, "installation-on-windows-or-mac"]], "Windows": [[3, "windows"]], "Vagrant": [[3, "vagrant"], [3, "id2"]], "Lima": [[3, "id1"], [3, "id3"]], "Mac": [[3, "mac"]], "License": [[4, "license"]], "Security in Apptainer": [[5, "security-in-apptainer"]], "Configuration & Runtime Options": [[5, "configuration-runtime-options"]], "Migrating From Singularity": [[6, "migrating-from-singularity"]], "User Namespaces & Fakeroot": [[7, "user-namespaces-fakeroot"]], "User Namespace Requirements": [[7, "user-namespace-requirements"]], "Debian": [[7, "debian"]], "RHEL/CentOS 7": [[7, "rhel-centos-7"]], "Disabling network namespaces": [[7, "disabling-network-namespaces"]], "\u201cRootless\u201d Fakeroot feature": [[7, "rootless-fakeroot-feature"]], "Requirements": [[7, "requirements"]], "Basics": [[7, "basics"]], "Filesystem considerations": [[7, "filesystem-considerations"]], "Network configuration": [[7, "network-configuration"]], "Configuration with config fakeroot": [[7, "configuration-with-config-fakeroot"]], "Adding a fakeroot mapping": [[7, "adding-a-fakeroot-mapping"]], "Deleting, disabling, enabling mappings": [[7, "deleting-disabling-enabling-mappings"]]}, "indexentries": {}})
\ No newline at end of file
+Search.setIndex({"docnames": ["admin_quickstart", "configfiles", "index", "installation", "license", "security", "singularity_migration", "user_namespace"], "filenames": ["admin_quickstart.rst", "configfiles.rst", "index.rst", "installation.rst", "license.rst", "security.rst", "singularity_migration.rst", "user_namespace.rst"], "titles": ["Admin Quick Start", "Apptainer Configuration Files", "Admin Guide", "Installing Apptainer", "License", "Security in Apptainer", "Migrating From Singularity", "User Namespaces & Fakeroot"], "terms": {"thi": [0, 1, 2, 3, 4, 6, 7], "give": [0, 1], "an": [0, 1, 6, 7], "overview": 0, "descript": [0, 1], "pointer": 0, "file": [0, 2, 5, 6, 7], "more": [0, 1, 2, 3, 5, 7], "inform": [0, 2, 3, 6], "includ": [0, 1, 3, 4, 7], "altern": [0, 3], "option": [0, 2, 3, 6, 7], "detail": [0, 1, 2, 3, 5, 7], "can": [0, 1, 3, 5, 6, 7], "found": [0, 1, 3], "later": 0, "guid": [0, 1, 3, 5, 6, 7], "i": [0, 1, 3, 4, 5, 6, 7], "design": 0, "allow": [0, 1, 3, 5, 7], "contain": [0, 3, 5, 7], "execut": [0, 3, 5], "thei": [0, 1, 3, 6, 7], "were": [0, 1, 7], "nativ": [0, 1, 3], "program": [0, 1, 3, 7], "script": [0, 3], "host": [0, 1, 3, 7], "system": [0, 2, 5, 6, 7], "No": 0, "daemon": [0, 7], "requir": [0, 1, 2], "build": [0, 1], "run": [0, 1, 3, 5, 7], "model": 0, "compat": [0, 1, 3, 5, 6], "share": [0, 1, 3], "As": [0, 1, 3], "result": [0, 3, 7], "integr": [0, 1, 3], "cluster": [0, 7], "schedul": [0, 1], "univa": 0, "grid": 0, "engin": 0, "torqu": 0, "slurm": 0, "sge": 0, "mani": [0, 1, 3, 7], "other": [0, 2, 3, 4, 5, 7], "simpl": [0, 3, 7], "ani": [0, 3, 4, 6, 7], "command": [0, 1, 3, 7], "all": [0, 1, 3, 4, 5, 6, 7], "standard": 0, "input": 0, "output": [0, 1], "error": [0, 1, 3, 7], "pipe": 0, "ipc": 0, "commun": [0, 1, 6], "pathwai": 0, "us": [0, 1, 2, 3, 4, 5, 7], "local": [0, 1, 3, 6, 7], "ar": [0, 1, 3, 4, 5, 6, 7], "synchron": [0, 7], "applic": [0, 1], "within": [0, 1, 6], "favor": 0, "over": [0, 1], "isol": [0, 1, 3, 7], "approach": [0, 1], "By": [0, 1, 3, 5, 7], "default": [0, 1, 3, 5, 6, 7], "onli": [0, 1, 3, 5, 7], "mount": [0, 3, 7], "user": [0, 1, 2, 3, 5, 6], "namespac": [0, 2, 3, 6], "so": [0, 1, 3, 5, 6, 7], "have": [0, 1, 3, 6, 7], "own": [0, 1, 7], "filesystem": 0, "view": [0, 3], "access": [0, 1, 3, 7], "hardwar": 0, "gpu": [0, 2, 3], "high": 0, "speed": [0, 1, 7], "network": [0, 2], "easi": 0, "doe": [0, 1, 3, 6, 7], "special": [0, 1, 4, 7], "home": [0, 1, 3], "directori": [0, 3, 6, 7], "tmp": [0, 1, 3], "space": [0, 3, 7], "specif": [0, 1, 3, 4], "make": [0, 1, 3, 6, 7], "benefit": 0, "from": [0, 1, 2, 4, 7], "reproduc": [0, 4], "container": [0, 1], "without": [0, 1, 3, 4, 5, 7], "major": [0, 1], "chang": [0, 1, 3, 6, 7], "exist": [0, 1, 7], "workflow": [0, 1], "where": [0, 1, 3, 7], "complet": [0, 1, 7], "import": [0, 1, 2, 3, 6, 7], "addit": [0, 3, 7], "linux": [0, 1, 2, 6, 7], "resourc": [0, 1, 5], "limit": [0, 4, 5], "accomplish": 0, "see": [0, 1, 2, 3, 4, 5, 6, 7], "section": [0, 1, 3, 5, 6, 7], "sourc": [0, 1, 4, 6], "directli": [0, 1, 3], "rpm": [0, 1, 6], "debian": [0, 5], "packag": [0, 1, 6, 7], "download": [0, 3], "pre": [0, 6], "built": 0, "distribut": [0, 1, 3, 4, 7], "mai": [0, 1, 3, 4, 6, 7], "also": [0, 1, 3, 6, 7], "up": [0, 1, 3, 7], "date": 0, "upstream": 0, "version": [0, 1, 3], "github": [0, 1], "To": [0, 1, 3, 7], "follow": [0, 1, 3, 4, 5, 7], "instruct": [0, 2, 3], "md": [0, 1, 3], "method": [0, 1, 3, 7], "discuss": [0, 1, 3, 7], "under": [0, 1, 3, 6], "etc": [0, 1, 3, 5, 6, 7], "your": [0, 1, 3, 6, 7], "prefix": [0, 1, 3, 6], "syconfdir": 0, "you": [0, 1, 3, 6, 7], "mconfig": [0, 3], "In": [0, 1, 3, 6, 7], "set": [0, 1, 3, 5, 7], "find": [0, 1, 3, 6, 7], "them": [0, 1, 3, 5, 7], "usr": [0, 1, 3, 6], "deb": [0, 1, 3, 6], "edit": [0, 7], "config": [0, 1, 3, 6], "global": [0, 1], "root": [0, 1, 3, 5, 6, 7], "manag": [0, 3, 5, 7], "conf": [0, 2, 3, 6, 7], "control": [0, 1, 5], "runtim": [0, 1, 2, 3, 6, 7], "behavior": [0, 6], "head": [0, 3], "small": 0, "alpin": [0, 1, 3], "exec": [0, 1, 3], "docker": [0, 3, 7], "cat": [0, 3, 7], "releas": [0, 7], "3": [0, 1, 3, 4, 7], "9": [0, 3], "2": [0, 1, 3, 7], "about": [0, 1, 2, 3, 6], "how": [0, 1, 2, 3, 5, 6, 7], "administr": [1, 2, 5, 6, 7], "variou": 1, "let": 1, "secur": [1, 2, 3, 6, 7], "restrict": [1, 3, 5, 7], "when": [1, 3, 5, 6, 7], "instal": [1, 2, 6, 7], "across": [1, 3], "though": [1, 3, 7], "locat": [1, 3, 6], "differ": [1, 3, 7], "base": [1, 5, 6, 7], "pass": [1, 6], "dure": [1, 3, 6, 7], "For": [1, 3, 4, 5, 7], "describ": [1, 7], "paramet": [1, 5, 6, 7], "most": [1, 3, 7], "defin": [1, 7], "entir": 1, "influenc": 1, "function": [1, 3, 7], "measur": 1, "must": [1, 3, 4, 7], "writabl": [1, 3], "refus": 1, "case": [1, 3, 6, 7], "non": [1, 7], "ever": 1, "privileg": [1, 3, 7], "thu": 1, "do": [1, 3, 7], "The": [1, 3, 6, 7], "via": [1, 3, 7], "list": [1, 3, 4, 5], "below": [1, 3, 7], "group": [1, 7], "togeth": 1, "relev": 1, "actual": [1, 7], "order": [1, 3, 7], "featur": [1, 2, 3], "need": [1, 6, 7], "some": [1, 3, 7], "call": [1, 3, 7], "achiev": 1, "helper": 1, "bit": [1, 7], "enabl": [1, 3, 5, 6], "disabl": [1, 2, 3], "abil": [1, 7], "util": [1, 7], "ye": [1, 7], "suid": [1, 3, 6, 7], "which": [1, 3, 6, 7], "kept": 1, "known": 1, "mode": [1, 3, 7], "full": [1, 3], "maintain": [1, 3], "same": [1, 3, 6, 7], "keep": 1, "priv": 1, "grant": [1, 5, 7], "individu": 1, "launch": 1, "through": [1, 3, 7], "add": [1, 3, 7], "cap": 1, "drop": 1, "flag": [1, 5], "pleas": [1, 3, 5, 6, 7], "facilit": 1, "sif": [1, 3, 5, 7], "imag": [1, 3], "max": 1, "admin": 1, "total": 1, "number": [1, 3, 7], "consum": 1, "given": 1, "time": [1, 7], "singl": [1, 3], "minim": [1, 6, 7], "usag": [1, 3, 5], "help": [1, 6], "optim": 1, "kernel": [1, 3, 7], "cach": 1, "particularli": 1, "mpi": 1, "job": 1, "pid": 1, "n": 1, "determin": 1, "leverag": 1, "confus": 1, "process": [1, 3, 7], "track": 1, "well": 1, "implement": 1, "automat": [1, 3, 6, 7], "creat": [1, 3, 7], "modifi": [1, 6], "sever": [1, 3], "eas": 1, "These": 1, "effect": 1, "overlai": [1, 7], "underlai": 1, "passwd": 1, "should": [1, 3, 6], "append": 1, "entri": [1, 3, 7], "": [1, 3, 5, 7], "resolv_conf": 1, "resolv": 1, "sessiondir": [1, 3], "size": [1, 3, 7], "temporari": [1, 3], "assembl": 1, "compon": [1, 6, 7], "hold": [1, 3], "written": [1, 4], "tmpf": [1, 3], "plu": 1, "valu": [1, 7], "64mib": 1, "If": [1, 3, 6, 7], "commonli": [1, 7], "increas": 1, "accommod": 1, "grow": 1, "specifi": [1, 7], "maximum": [1, 3], "alloc": [1, 7], "ahead": 1, "proc": 1, "sy": 1, "dev": 1, "want": [1, 3, 6, 7], "tree": [1, 3], "null": 1, "zero": 1, "random": 1, "urandom": 1, "shm": 1, "devpt": 1, "new": [1, 3, 6, 7], "instanc": [1, 3], "explain": 1, "abov": [1, 3, 4, 7], "either": [1, 6], "config_devpts_multiple_inst": 1, "y": [1, 3], "newer": [1, 5], "than": [1, 3, 7], "4": [1, 3, 7], "7": 1, "attempt": [1, 3, 7], "var": [1, 3], "both": [1, 3], "workdir": 1, "hostf": 1, "caus": [1, 4, 6], "probe": 1, "those": [1, 7], "slave": 1, "hand": 1, "propag": 1, "autof": 1, "occur": [1, 3], "reflect": 1, "f": 1, "type": [1, 3, 7], "choos": [1, 3], "primarili": 1, "like": [1, 3, 6, 7], "crai": 1, "cle": 1, "5": [1, 3, 7], "6": 1, "0": [1, 3, 7], "up05": 1, "issu": [1, 3, 6], "panic": 1, "affect": [1, 3, 7], "recommend": [1, 3, 6, 7], "ramf": 1, "avoid": 1, "path": [1, 3], "made": [1, 3, 7], "avail": [1, 3, 7], "successfulli": 1, "ignor": 1, "invok": 1, "point": [1, 3, 7], "destin": 1, "ident": [1, 6], "localtim": 1, "Or": 1, "colon": 1, "nsswitch": 1, "decid": [1, 6], "mean": [1, 3, 6], "scratch": 1, "There": [1, 3, 7], "wai": [1, 3, 4, 7], "stricter": 1, "check": [1, 7], "out": [1, 4, 6], "owner": 1, "appli": [1, 5, 6], "permit": [1, 4, 7], "deni": [1, 3], "unencrypt": 1, "encrypt": 1, "squashf": 1, "bare": [1, 3], "e": [1, 3, 6, 7], "g": [1, 3, 6], "singular": [1, 2], "x": 1, "extf": 1, "ext": 1, "dir": [1, 3], "sandbox": [1, 3], "insid": [1, 3, 7], "outsid": [1, 7], "ext3": 1, "reason": 1, "unlik": 1, "virtual": [1, 3], "unrestrict": 1, "certain": [1, 3], "disrupt": 1, "environ": 1, "net": [1, 7], "administ": [1, 7], "except": [1, 6], "fakeroot": [1, 2, 6], "40_fakeroot": [1, 7], "conflist": [1, 7], "name": [1, 4, 6, 7], "direct": [1, 4, 7], "provid": [1, 3, 4, 7], "workload": 1, "seamlessli": 1, "checkout": 1, "alwai": [1, 3], "nv": [1, 3], "everi": 1, "action": 1, "shell": [1, 3, 7], "implicitli": 1, "ad": 1, "fusemount": 1, "fuse": [1, 7], "try": [1, 3, 7], "overlayf": [1, 3, 7], "fail": 1, "silent": 1, "fatal": 1, "effici": 1, "gener": [1, 3, 7], "desir": 1, "just": 1, "instead": [1, 3, 6, 7], "suitabl": 1, "possibl": [1, 3, 4, 5, 7], "work": [1, 2, 3, 7], "custom": [1, 3], "replac": [1, 3], "whenev": [1, 7], "isn": 1, "t": [1, 3, 7], "veri": 1, "basic": [1, 3], "flow": [1, 3], "pull": [1, 3], "multipl": [1, 3, 7], "part": [1, 6, 7], "v": [1, 3], "stream": 1, "appropri": [1, 7], "api": 1, "registri": 1, "tune": 1, "condit": [1, 4], "server": [1, 3], "cloud": [1, 3], "each": [1, 3, 7], "byte": 1, "buffer": 1, "transfer": 1, "systemd": [1, 5, 7], "whether": [1, 4], "v2": [1, 5], "unprivileg": [1, 5, 7], "cgroupf": 1, "ha": [1, 3, 6, 7], "get": 1, "reset": 1, "unset": 1, "It": [1, 3, 6, 7], "note": [1, 3, 6], "elev": 1, "becaus": [1, 3, 6], "we": [1, 3, 6, 7], "first": [1, 3, 5, 7], "current": [1, 3, 7], "our": 1, "sudo": [1, 3, 7], "now": [1, 7], "verifi": [1, 6], "wa": [1, 7], "here": [1, 5, 7], "remov": [1, 3, 6, 7], "And": [1, 3], "back": [1, 7], "origin": [1, 3, 7], "test": [1, 2], "what": [1, 7], "would": [1, 3], "look": [1, 7], "dry": 1, "conjunct": 1, "write": 1, "been": [1, 6, 7], "had": 1, "string": 1, "undefin": 1, "attach": 1, "respect": [1, 6], "otherwis": [1, 3, 4, 7], "dest": 1, "did": 1, "meter": 1, "rate": 1, "block": [1, 7], "node": [1, 3, 7], "two": [1, 3, 7], "common": [1, 3], "v1": [1, 3, 5], "separ": [1, 3, 6], "hierarchi": 1, "per": 1, "class": 1, "unifi": 1, "simplifi": 1, "structur": [1, 3], "document": [1, 4, 5, 6, 7], "www": 1, "org": [1, 4], "doc": [1, 3], "txt": 1, "repres": 1, "oci": [1, 3], "spec": 1, "com": [1, 3], "opencontain": 1, "blob": 1, "master": 1, "On": [1, 3, 5], "translat": 1, "ebpf": 1, "request": [1, 7], "take": [1, 6, 7], "my_contain": 1, "amount": [1, 3], "500mb": 1, "524288000": 1, "start": [1, 3, 7], "strategi": 1, "correspond": [1, 6], "ratio": 1, "versu": 1, "usual": 1, "1024": [1, 3], "That": [1, 3, 6, 7], "50": 1, "512": 1, "A": [1, 3, 4, 7], "its": [1, 4, 6, 7], "enough": 1, "idl": 1, "cycl": 1, "due": [1, 7], "conserv": 1, "natur": 1, "even": [1, 3, 4, 7], "conflict": [1, 3], "quota": 1, "period": 1, "enforc": [1, 5], "hard": 1, "100m": 1, "100000u": 1, "20m": 1, "100000": [1, 7], "20000": 1, "mem": 1, "core": 1, "associ": 1, "field": 1, "1": [1, 3, 7], "o": [1, 5], "compet": 1, "blockio": 1, "weight": 1, "1000": [1, 7], "leafweight": 1, "accept": 1, "between": [1, 7], "10": [1, 3, 7], "until": 1, "unless": 1, "overridden": 1, "rule": [1, 5], "relat": [1, 3], "purpos": [1, 4], "heavili": 1, "weigh": 1, "task": [1, 7], "while": [1, 3, 6], "child": 1, "minor": 1, "overrid": 1, "loop0": 1, "loop1": 1, "weightdevic": 1, "100": 1, "read": [1, 3], "absolut": 1, "16mb": 1, "second": 1, "throttlereadbpsdevic": 1, "16777216": 1, "throttlewritebpsdevic": 1, "valid": 1, "constraint": [1, 6], "howev": [1, 3, 4, 6], "rather": [1, 7], "sign": [1, 5], "author": [1, 5], "against": 1, "entiti": 1, "lock": 1, "down": [1, 7], "fulli": 1, "bypass": 1, "execgroup": 1, "tagnam": 1, "group2": 1, "whitelist": 1, "dirpath": 1, "keyfp": 1, "7064b1d6eff01b1262fed3f03581d99fe87eafd1": 1, "mention": 1, "three": 1, "whitestrict": 1, "long": [1, 3, 5], "one": [1, 3, 7], "blacklist": 1, "whose": 1, "older": [1, 3], "temporarili": [1, 7], "legaci": 1, "signatur": [1, 5], "legacyinsecur": 1, "true": [1, 7], "keyr": 1, "verif": 1, "export": 1, "privat": [1, 3, 7], "store": [1, 3, 6], "sysconfdir": [1, 3], "pgp": 1, "properli": 1, "inject": 1, "driver": [1, 3], "match": [1, 3, 7], "opencl": 1, "depend": [1, 3, 7], "comput": [1, 3], "framework": 1, "nvliblist": 1, "11": [1, 3, 5, 7], "further": [1, 5], "filenam": 1, "xxxx": 1, "form": [1, 4, 7], "ldconfig": 1, "p": [1, 7], "exectu": 1, "search": 1, "tool": [1, 3], "offici": 1, "target": [1, 3], "nvccli": 1, "setup": [1, 5, 7], "cannot": [1, 3, 7], "oper": [1, 3, 7], "perform": [1, 3, 6, 7], "broadli": 1, "similar": [1, 6], "carri": 1, "rocmliblist": 1, "rocmlist": 1, "basenam": 1, "bound": 1, "put": 1, "ensur": [1, 7], "permiss": [1, 3, 4], "exclud": 1, "smi": 1, "rocminfo": 1, "libnam": 1, "lib": [1, 3, 7], "end": [1, 3], "libamd_comgr": 1, "libcomgr": 1, "libcxlactivitylogg": 1, "receiv": 1, "warn": 1, "ld": 1, "extrem": 1, "recogn": 1, "level": 1, "break": 1, "becom": [1, 7], "toward": 1, "architectur": [1, 2, 3], "develop": [1, 3], "might": [1, 7], "attack": 1, "surfac": 1, "normal": [1, 3, 7], "good": [1, 4], "multi": 1, "tenant": 1, "hpc": 1, "better": [1, 3], "revok": [1, 5], "basi": 1, "u": 1, "suppos": 1, "pinger": 1, "open": [1, 3], "raw": [1, 3], "socket": 1, "ping": 1, "cap_net_raw": 1, "advantag": [1, 7], "sylab": [1, 3, 4], "ubuntu_p": 1, "c": [1, 3, 4, 7], "8": [1, 3, 7], "56": 1, "84": 1, "data": [1, 4], "64": 1, "icmp_seq": 1, "ttl": 1, "52": 1, "73": 1, "m": 1, "statist": 1, "packet": 1, "transmit": 1, "loss": [1, 4], "0m": 1, "rtt": 1, "min": 1, "avg": 1, "mdev": 1, "178": 1, "000": 1, "longer": [1, 7], "necessari": [1, 7], "tri": 1, "subcommand": 1, "insensit": 1, "keyword": 1, "man": [1, 3, 7], "page": [1, 7], "filter": 1, "being": [1, 3, 6, 7], "alon": 1, "smaller": 1, "defaultact": 1, "scmp_act_allow": 1, "scmp_act_errno": 1, "thread": 1, "return": 1, "errno": 1, "syscal": 1, "david": 1, "my": [1, 3], "insight": 1, "userdoc": 1, "appendix": 1, "wide": 1, "typic": [1, 6], "vari": [1, 3], "login": [1, 7], "account": 1, "authent": 1, "premis": 1, "fresh": 1, "defaultremot": 1, "openpgp": 1, "compani": 1, "enterpris": [1, 3], "info": [1, 3], "detect": 1, "Will": 1, "log": 1, "convers": [1, 6], "onc": [1, 3], "copi": [1, 3, 6], "modif": [1, 4], "themselv": 1, "usabl": 1, "servic": [1, 3, 4, 7], "uri": 1, "activ": [1, 7], "NO": [1, 4], "myremot": 1, "expos": [1, 3], "discoveri": 1, "connect": 1, "protocol": 1, "url": [1, 3], "formerli": 1, "ora": 1, "unnecessari": 1, "still": [1, 3, 7], "previou": 1, "befor": [1, 3], "anonym": 1, "sylabscloud": 1, "sycloud": 1, "product": [1, 3, 4], "correl": 1, "checkpoint": [1, 6], "dmctp": 1, "restart": [1, 7], "mark": 1, "flexibl": [1, 3], "feedback": 1, "warrant": 1, "improv": 1, "overal": 1, "matur": 1, "arrai": 1, "bin": [1, 3, 7], "dmtcp_command": 1, "dmtcp_discover_rm": 1, "dmtcp_launch": 1, "libdmtcp_alloc": 1, "libdmtcp_dl": 1, "libdmtcp_modifi": 1, "env": 1, "welcom": 2, "apptain": [2, 4, 6, 7], "aim": 2, "cover": 2, "configur": [2, 6], "topic": 2, "quickstart": 2, "window": 2, "mac": 2, "migrat": 2, "cgroup": [2, 5], "toml": 2, "ecl": 2, "librari": [2, 3, 6], "capabl": [2, 5], "json": 2, "seccomp": [2, 5], "profil": [2, 3, 7], "remot": [2, 3, 6], "yaml": [2, 6], "dmtcp": 2, "rootless": [2, 3, 5], "licens": 2, "earlier": 3, "modern": 3, "metal": 3, "machin": 3, "often": 3, "nest": 3, "anoth": [3, 6, 7], "150mib": 3, "disk": 3, "compil": 3, "cpu": [3, 5], "memori": 3, "least": [3, 7], "2gb": 3, "ram": 3, "minimum": 3, "18": [3, 7], "1127": [3, 7], "rhel7": [3, 7], "setuid": [3, 6, 7], "bind": 3, "persist": [3, 7], "sure": 3, "familiar": 3, "top": [3, 7], "rhel": 3, "unabl": 3, "correctli": 3, "rocm": 3, "suppli": 3, "identifi": [3, 7], "sbin": 3, "parallel": 3, "localstatedir": 3, "tmpdir": 3, "apptainer_tmpdir": 3, "wherev": 3, "neglig": [3, 4], "1mib": 3, "construct": 3, "combin": [3, 7], "Not": 3, "aspect": 3, "referenc": 3, "lowerdir": 3, "act": [3, 7], "abl": [3, 5, 7], "upperdir": 3, "merg": 3, "onto": 3, "subuid": [3, 7], "subgid": [3, 7], "ext4": 3, "xf": 3, "problem": 3, "id": [3, 7], "fileserv": 3, "probabl": 3, "don": [3, 7], "layer": 3, "apptainer_cachedir": 3, "variabl": 3, "uniqu": 3, "suffici": 3, "anticip": 3, "concurr": 3, "safe": 3, "overlap": [3, 7], "expect": 3, "posix": 3, "topologi": 3, "exampl": [3, 5, 7], "mdt": 3, "client": 3, "step": [3, 5, 7], "independ": 3, "fetch": 3, "disallow": 3, "red": 3, "hat": 3, "deriv": [3, 4], "suse": 3, "opensus": 3, "easiest": 3, "curl": 3, "http": [3, 4], "githubusercont": 3, "main": 3, "sh": [3, 7], "few": [3, 7], "aren": 3, "rpm2cpio": 3, "cpio": 3, "pick": 3, "correct": 3, "oldest": 3, "old": [3, 6], "prebuilt": 3, "varieti": 3, "repositori": 3, "yum": 3, "Then": 3, "x86_64": 3, "immedi": 3, "after": [3, 6], "amd64": 3, "apt": 3, "updat": [3, 6, 7], "wget": 3, "cd": [3, 7], "apptainer_1": 3, "5_amd64": 3, "suid_1": 3, "dpkg": 3, "ppa": 3, "person": 3, "archiv": 3, "arm64": 3, "softwar": [3, 4], "properti": 3, "obtain": 3, "desktop": 3, "skip": 3, "move": [3, 6], "continu": 3, "reloc": 3, "ownership": [3, 7], "enjoi": 3, "assum": 3, "bashrc": 3, "adjust": 3, "cento": 3, "easili": 3, "upgrad": [3, 6], "debian_packag": 3, "show": [3, 7], "confirm": [3, 7], "troubleshoot": 3, "package_nam": 3, "package_vers": 3, "builddir": 3, "dtrudg": 3, "git": 3, "execprefix": 3, "bindir": 3, "sbindir": 3, "libexecdir": 3, "libexec": 3, "datarootdir": 3, "datadir": 3, "sharedstatedir": 3, "runstatedir": 3, "includedir": 3, "docdir": 3, "infodir": 3, "libdir": 3, "localedir": 3, "mandir": 3, "apptainer_confdir": 3, "mnt": 3, "session": 3, "plugin_rootdir": 3, "plugin": 3, "apptainer_conf_fil": 3, "apptainer_suid_instal": 3, "storag": 3, "codebas": 3, "ci": 3, "code": [3, 4], "lint": 3, "unit": 3, "e2": 3, "exercis": 3, "larg": [3, 7], "cli": 3, "nc": 3, "starter": 3, "incompat": 3, "contrari": 3, "popular": 3, "misconcept": 3, "maco": 3, "darwin": 3, "fork": 3, "bsd": [3, 4], "platform": 3, "box": 3, "hashicorp": 3, "vm": 3, "choic": 3, "select": 3, "virtualbox": 3, "hyper": 3, "wsl": 3, "homebrew": 3, "manual": [3, 6, 7], "fssl": 3, "brew": 3, "cask": 3, "init": 3, "vagrantfil": 3, "36": 3, "vb": 3, "provis": [3, 7], "inlin": 3, "ssh": 3, "qemu": 3, "limactl": 3, "templat": 3, "subject": 4, "claus": 4, "copyright": 4, "contributor": 4, "project": [4, 6, 7], "establish": 4, "seri": 4, "lf": 4, "llc": 4, "websit": [4, 5], "term": 4, "trademark": 4, "polici": 4, "privaci": 4, "lfproject": 4, "2018": 4, "2023": 4, "inc": 4, "right": 4, "reserv": [4, 7], "2017": 4, "singularitywar": 4, "redistribut": 4, "binari": [4, 7], "met": 4, "retain": 4, "notic": [4, 7], "disclaim": 4, "materi": 4, "neither": 4, "holder": 4, "nor": 4, "endors": 4, "promot": 4, "prior": [4, 7], "BY": 4, "THE": 4, "AND": 4, "AS": 4, "express": 4, "OR": 4, "impli": 4, "warranti": 4, "BUT": 4, "NOT": 4, "TO": 4, "OF": 4, "merchant": 4, "fit": 4, "FOR": 4, "particular": [4, 6], "IN": 4, "event": 4, "shall": 4, "BE": 4, "liabl": 4, "indirect": 4, "incident": 4, "exemplari": 4, "consequenti": 4, "damag": 4, "procur": 4, "substitut": 4, "profit": 4, "busi": 4, "interrupt": 4, "ON": 4, "theori": 4, "liabil": 4, "contract": 4, "strict": 4, "tort": 4, "aris": 4, "IF": 4, "advis": [4, 7], "SUCH": 4, "who": 5, "kei": 5, "harden": 5, "apparmor": 5, "deleg": 5, "el9": 5, "ubuntu": 5, "22": 5, "04": 5, "fedora": 5, "31": 5, "el8": 5, "20": 5, "cpuset": 5, "sinc": 6, "foundat": 6, "goal": 6, "impact": [6, 7], "experi": 6, "reach": 6, "place": 6, "alreadi": 6, "could": 6, "prevent": 6, "produc": 6, "messag": 6, "cleanup": 6, "incomplet": 6, "format": [6, 7], "counterpart": 6, "renam": 6, "comment": [6, 7], "content": 6, "around": 6, "simpli": 6, "care": 6, "wipe": 6, "big": 6, "higher": 6, "risk": [6, 7], "consid": [6, 7], "restor": 6, "uid": 7, "1001": 7, "pro": 7, "con": 7, "creation": 7, "support": 7, "equival": 7, "backport": 7, "addition": 7, "sysctl": 7, "line": 7, "consult": 7, "vendor": 7, "echo": 7, "unprivileged_userns_clon": 7, "d": 7, "90": 7, "unprivileged_usern": 7, "max_user_namespac": 7, "15000": 7, "exploit": 7, "almost": 7, "last": 7, "year": 7, "therefor": 7, "substanti": 7, "reduc": 7, "urgent": 7, "vulner": 7, "announc": 7, "max_net_namespac": 7, "littl": 7, "begin": 7, "unfortun": 7, "podman": 7, "privatenetwork": 7, "turn": 7, "off": 7, "hostnam": 7, "mkdir": 7, "statu": 7, "systemctl": 7, "reload": 7, "appear": 7, "emul": 7, "refer": 7, "assist": 7, "enhanc": 7, "rest": 7, "done": 7, "less": 7, "again": 7, "gid": 7, "unus": 7, "rang": 7, "manipul": 7, "handl": 7, "itself": 7, "With": 7, "extern": 7, "newuidmap": 7, "newgidmap": 7, "reli": 7, "real": 7, "vacant": 7, "remap": 7, "understand": 7, "foo": 7, "65536": 7, "usernam": 7, "useradd": 7, "addus": 7, "glibc": 7, "nss": 7, "switch": 7, "mechan": 7, "ldap": 7, "larger": 7, "bar": 7, "165536": 7, "sub": 7, "165535": 7, "231071": 7, "confin": 7, "wish": 7, "10000": 7, "pars": 7, "penalti": 7, "benchmark": 7, "shown": 7, "20x": 7, "happen": 7, "100001": 7, "veth": 7, "pair": 7, "implic": 7, "manner": 7, "sensit": 7, "deploi": 7, "arrang": 7, "At": 7, "central": 7, "dave": 7, "4294836224": 7, "32": 7, "subsequ": 7, "prefer": 7, "faster": 7, "lookup": 7, "r": 7, "assign": 7, "remain": 7, "uncom": 7, "re": 7}, "objects": {}, "objtypes": {}, "objnames": {}, "titleterms": {"admin": [0, 2], "quick": 0, "start": 0, "architectur": 0, "apptain": [0, 1, 3, 5], "secur": [0, 5], "instal": [0, 3], "configur": [0, 1, 3, 5, 7], "test": [0, 3], "file": [1, 3], "conf": 1, "setuid": 1, "capabl": 1, "loop": 1, "devic": 1, "namespac": [1, 7], "option": [1, 5], "session": 1, "directori": 1, "system": [1, 3], "mount": 1, "bind": 1, "manag": 1, "limit": [1, 3], "contain": 1, "execut": 1, "network": [1, 3, 7], "gpu": 1, "supplement": 1, "filesystem": [1, 3, 7], "cni": 1, "plugin": 1, "extern": 1, "binari": [1, 3], "concurr": 1, "download": 1, "cgroup": 1, "updat": 1, "exampl": 1, "toml": 1, "memori": 1, "cpu": 1, "io": 1, "other": 1, "ecl": 1, "public": 1, "kei": 1, "librari": 1, "nvidia": 1, "cuda": 1, "experiment": 1, "cli": 1, "support": [1, 3], "amd": 1, "radeon": 1, "rocm": 1, "liblist": 1, "format": 1, "json": 1, "seccomp": 1, "profil": 1, "remot": 1, "yaml": 1, "endpoint": 1, "exclus": 1, "insecur": 1, "http": 1, "restor": 1, "pre": [1, 3], "behavior": 1, "addit": 1, "inform": 1, "keyserv": 1, "dmtcp": 1, "guid": 2, "linux": 3, "requir": [3, 7], "non": 3, "standard": 3, "ldconfig": 3, "nix": 3, "guix": 3, "environ": 3, "overlai": 3, "fakeroot": [3, 7], "uid": 3, "gid": 3, "map": [3, 7], "cach": 3, "atom": 3, "renam": 3, "nf": 3, "lustr": 3, "gpf": 3, "panf": 3, "fuse": 3, "base": 3, "unprivileg": 3, "from": [3, 6], "built": 3, "packag": 3, "rpm": 3, "epel": 3, "fedora": 3, "github": 3, "releas": 3, "debian": [3, 7], "ubuntu": 3, "sourc": 3, "relocat": 3, "bash": 3, "complet": 3, "build": 3, "an": 3, "check": 3, "buildcfg": 3, "suit": 3, "window": 3, "mac": 3, "vagrant": 3, "lima": 3, "licens": 4, "runtim": 5, "migrat": 6, "singular": 6, "user": 7, "rhel": 7, "cento": 7, "7": 7, "disabl": 7, "rootless": 7, "featur": 7, "basic": 7, "consider": 7, "config": 7, "ad": 7, "delet": 7, "enabl": 7}, "envversion": {"sphinx.domains.c": 2, "sphinx.domains.changeset": 1, "sphinx.domains.citation": 1, "sphinx.domains.cpp": 8, "sphinx.domains.index": 1, "sphinx.domains.javascript": 2, "sphinx.domains.math": 2, "sphinx.domains.python": 3, "sphinx.domains.rst": 2, "sphinx.domains.std": 2, "sphinx": 57}, "alltitles": {"Admin Quick Start": [[0, "admin-quick-start"]], "Architecture of Apptainer": [[0, "architecture-of-apptainer"]], "Apptainer Security": [[0, "apptainer-security"]], "Installation": [[0, "installation"]], "Configuration": [[0, "configuration"]], "Testing": [[0, "testing"]], "Apptainer Configuration Files": [[1, "apptainer-configuration-files"]], "apptainer.conf": [[1, "apptainer-conf"]], "Setuid and Capabilities": [[1, "setuid-and-capabilities"]], "Loop Devices": [[1, "loop-devices"]], "Namespace Options": [[1, "namespace-options"]], "Configuration Files": [[1, "configuration-files"]], "Session Directory and System Mounts": [[1, "session-directory-and-system-mounts"]], "Bind Mount Management": [[1, "bind-mount-management"]], "Limiting Container Execution": [[1, "limiting-container-execution"]], "Networking Options": [[1, "networking-options"]], "GPU Options": [[1, "gpu-options"]], "Supplemental Filesystems": [[1, "supplemental-filesystems"]], "CNI Configuration and Plugins": [[1, "cni-configuration-and-plugins"]], "External Binaries": [[1, "external-binaries"]], "Concurrent Downloads": [[1, "concurrent-downloads"]], "Cgroups Options": [[1, "cgroups-options"]], "Updating Configuration Options": [[1, "updating-configuration-options"]], "Example": [[1, "example"]], "cgroups.toml": [[1, "cgroups-toml"]], "Examples": [[1, "examples"]], "Limiting memory": [[1, "limiting-memory"]], "Limiting CPU": [[1, "limiting-cpu"]], "Limiting IO": [[1, "limiting-io"]], "Other limits": [[1, "other-limits"]], "ecl.toml": [[1, "ecl-toml"]], "Managing ECL public keys": [[1, "managing-ecl-public-keys"]], "GPU Library Configuration": [[1, "gpu-library-configuration"]], "NVIDIA GPUs / CUDA": [[1, "nvidia-gpus-cuda"]], "Experimental nvidia-container-cli Support": [[1, "experimental-nvidia-container-cli-support"]], "AMD Radeon GPUs / ROCm": [[1, "amd-radeon-gpus-rocm"]], "GPU liblist format": [[1, "gpu-liblist-format"]], "capability.json": [[1, "capability-json"]], "seccomp-profiles": [[1, "seccomp-profiles"]], "remote.yaml": [[1, "remote-yaml"]], "Remote Endpoints": [[1, "remote-endpoints"]], "Exclusive Endpoint": [[1, "exclusive-endpoint"]], "Insecure (HTTP) Endpoints": [[1, "insecure-http-endpoints"]], "Restoring pre-Apptainer library behavior": [[1, "restoring-pre-apptainer-library-behavior"]], "Additional Information": [[1, "additional-information"]], "Keyserver Configuration": [[1, "keyserver-configuration"]], "dmtcp-conf.yaml": [[1, "dmtcp-conf-yaml"]], "Admin Guide": [[2, "admin-guide"]], "Installing Apptainer": [[3, "installing-apptainer"]], "Installation on Linux": [[3, "installation-on-linux"]], "System Requirements": [[3, "system-requirements"]], "Non-standard ldconfig / Nix & Guix Environments": [[3, "non-standard-ldconfig-nix-guix-environments"]], "Filesystem support / limitations": [[3, "filesystem-support-limitations"]], "Overlay support": [[3, "overlay-support"]], "Fakeroot with uid/gid mapping on Network filesystems": [[3, "fakeroot-with-uid-gid-mapping-on-network-filesystems"]], "Apptainer cache / atomic rename": [[3, "apptainer-cache-atomic-rename"]], "NFS": [[3, "nfs"]], "Lustre / GPFS / PanFS": [[3, "lustre-gpfs-panfs"]], "FUSE-based filesystems": [[3, "fuse-based-filesystems"]], "Install unprivileged from pre-built binaries": [[3, "install-unprivileged-from-pre-built-binaries"]], "Install from pre-built packages": [[3, "install-from-pre-built-packages"]], "Install RPM from EPEL or Fedora": [[3, "install-rpm-from-epel-or-fedora"]], "Install from GitHub release RPMs": [[3, "install-from-github-release-rpms"]], "Install Debian packages": [[3, "install-debian-packages"]], "Install Ubuntu packages": [[3, "install-ubuntu-packages"]], "Install from Source": [[3, "install-from-source"]], "Relocatable Installation": [[3, "relocatable-installation"]], "Source bash completion file": [[3, "source-bash-completion-file"]], "Build an RPM": [[3, "build-an-rpm"]], "Build a Debian package": [[3, "build-a-debian-package"]], "Testing & Checking the Build Configuration": [[3, "testing-checking-the-build-configuration"]], "apptainer buildcfg": [[3, "apptainer-buildcfg"]], "Test Suite": [[3, "test-suite"]], "Installation on Windows or Mac": [[3, "installation-on-windows-or-mac"]], "Windows": [[3, "windows"]], "Vagrant": [[3, "vagrant"], [3, "id2"]], "Lima": [[3, "id1"], [3, "id3"]], "Mac": [[3, "mac"]], "License": [[4, "license"]], "Security in Apptainer": [[5, "security-in-apptainer"]], "Configuration & Runtime Options": [[5, "configuration-runtime-options"]], "Migrating From Singularity": [[6, "migrating-from-singularity"]], "User Namespaces & Fakeroot": [[7, "user-namespaces-fakeroot"]], "User Namespace Requirements": [[7, "user-namespace-requirements"]], "Debian": [[7, "debian"]], "RHEL/CentOS 7": [[7, "rhel-centos-7"]], "Disabling network namespaces": [[7, "disabling-network-namespaces"]], "\u201cRootless\u201d Fakeroot feature": [[7, "rootless-fakeroot-feature"]], "Requirements": [[7, "requirements"]], "Basics": [[7, "basics"]], "Filesystem considerations": [[7, "filesystem-considerations"]], "Network configuration": [[7, "network-configuration"]], "Configuration with config fakeroot": [[7, "configuration-with-config-fakeroot"]], "Adding a fakeroot mapping": [[7, "adding-a-fakeroot-mapping"]], "Deleting, disabling, enabling mappings": [[7, "deleting-disabling-enabling-mappings"]]}, "indexentries": {}})
\ No newline at end of file