Test what happens if Apptainer is allowed to mount /proc

osg-htc · Jul 16, 2024 · 10185af · 10185af
1 parent 2778ddc
commit 10185af
Show file tree

Hide file tree

Showing 5 changed files with 0 additions and 10 deletions.
diff --git a/notebooks/htc-datascience-notebook/Dockerfile b/notebooks/htc-datascience-notebook/Dockerfile
@@ -112,11 +112,9 @@ RUN cd /tmp \
     && rm -rf /etc/subuid /etc/subgid \
     #
     # Do not allow users to utilize the setuid program flow within Apptainer.
-    # Do not automatically bind mount /proc within the container.
     #
     && sed -i \
           -e 's/^allow setuid.*$/allow setuid = no/' \
-          -e 's/^mount proc.*$/mount proc = no/' \
           /etc/apptainer/apptainer.conf
 
 

diff --git a/notebooks/htc-minimal-notebook/Dockerfile b/notebooks/htc-minimal-notebook/Dockerfile
@@ -112,11 +112,9 @@ RUN cd /tmp \
     && rm -rf /etc/subuid /etc/subgid \
     #
     # Do not allow users to utilize the setuid program flow within Apptainer.
-    # Do not automatically bind mount /proc within the container.
     #
     && sed -i \
           -e 's/^allow setuid.*$/allow setuid = no/' \
-          -e 's/^mount proc.*$/mount proc = no/' \
           /etc/apptainer/apptainer.conf
 
 

diff --git a/notebooks/htc-pytorch-notebook/Dockerfile b/notebooks/htc-pytorch-notebook/Dockerfile
@@ -112,11 +112,9 @@ RUN cd /tmp \
     && rm -rf /etc/subuid /etc/subgid \
     #
     # Do not allow users to utilize the setuid program flow within Apptainer.
-    # Do not automatically bind mount /proc within the container.
     #
     && sed -i \
           -e 's/^allow setuid.*$/allow setuid = no/' \
-          -e 's/^mount proc.*$/mount proc = no/' \
           /etc/apptainer/apptainer.conf
 
 

diff --git a/notebooks/htc-tensorflow-notebook/Dockerfile b/notebooks/htc-tensorflow-notebook/Dockerfile
@@ -112,11 +112,9 @@ RUN cd /tmp \
     && rm -rf /etc/subuid /etc/subgid \
     #
     # Do not allow users to utilize the setuid program flow within Apptainer.
-    # Do not automatically bind mount /proc within the container.
     #
     && sed -i \
           -e 's/^allow setuid.*$/allow setuid = no/' \
-          -e 's/^mount proc.*$/mount proc = no/' \
           /etc/apptainer/apptainer.conf
 
 

diff --git a/template/Dockerfile b/template/Dockerfile
@@ -112,11 +112,9 @@ RUN cd /tmp \
     && rm -rf /etc/subuid /etc/subgid \
     #
     # Do not allow users to utilize the setuid program flow within Apptainer.
-    # Do not automatically bind mount /proc within the container.
     #
     && sed -i \
           -e 's/^allow setuid.*$/allow setuid = no/' \
-          -e 's/^mount proc.*$/mount proc = no/' \
           /etc/apptainer/apptainer.conf