Update main admindocs
actions-user committed Jul 12, 2024
1 parent e504205 commit c79cc0e
Showing 5 changed files with 22 additions and 63 deletions.
12 changes: 6 additions & 6 deletions public/docs/admin/main/_sources/installation.rst.txt
Expand Up @@ -308,19 +308,19 @@ repositories like this:

.. code::
$ sudo yum install -y epel-release
$ sudo dnf install -y epel-release
Then to install a non-setuid installation of {Project} do:

.. code::
$ sudo yum install -y {command}
$ sudo dnf install -y {command}
or for a setuid installation do:

.. code::
$ sudo yum install -y {command}-suid
$ sudo dnf install -y {command}-suid
Install from GitHub release RPMs
--------------------------------
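
Review bot: all three install commands in this hunk now call `dnf`, but nothing in these lines says which releases that covers, so a host that only ships `yum` can no longer follow the section as written. Suggest adding one sentence before the first command that names the minimum supported release.
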
Expand All @@ -331,13 +331,13 @@ non-setuid installation:

.. code::
$ sudo yum install -y https://github.com/{orgrepo}/releases/download/v{InstallationVersion}/{command}-{GitHubDownloadVersion}.x86_64.rpm
$ sudo dnf install -y https://github.com/{orgrepo}/releases/download/v{InstallationVersion}/{command}-{GitHubDownloadVersion}.x86_64.rpm
For the setuid installation do above command first and then this one:

.. code::
$ sudo yum install -y https://github.com/{orgrepo}/releases/download/v{InstallationVersion}/{command}-suid-{GitHubDownloadVersion}.x86_64.rpm
$ sudo dnf install -y https://github.com/{orgrepo}/releases/download/v{InstallationVersion}/{command}-suid-{GitHubDownloadVersion}.x86_64.rpm
Install Debian packages
------------------------------
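
Review bot: both commands in this hunk install an RPM straight from a release URL with `-y`, and the second one installs the setuid package, yet the section gives no step for checking the download before it is installed as root. Suggest documenting a download, verify, then `dnf install` of the local file, with a pointer to wherever the project publishes checksums or a signing key for its releases. Minor: "do above command first" should read "do the above command first".
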
Expand Down Expand Up @@ -425,7 +425,7 @@ continues to work in new shells. (Adjust the path if you installed
Build an RPM
------------

If you use RHEL, CentOS or SUSE, building and installing {aProject}
If you use RHEL, a RHEL derivate, or SUSE, building and installing {aProject}
RPM allows your {Project} installation be more easily managed,
upgraded and removed.
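
Review bot: in the changed line `If you use RHEL, a RHEL derivate, or SUSE`, "derivate" should be "derivative". While this sentence is being touched, the following line `RPM allows your {Project} installation be more easily managed` is missing "to" before "be".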

28 changes: 4 additions & 24 deletions public/docs/admin/main/_sources/user_namespace.rst.txt
Expand Up @@ -32,39 +32,19 @@ of the user guide.
To allow unprivileged creation of user namespaces a kernel >=3.8 is
required, with >=4.18 being recommended due to support for unprivileged
mounting of FUSE filesystems (needed for example for mounting SIF files).
The equivalent recommendation on RHEL7 is >=3.10.0-1127 from release
7.8, where unprivileged mounting of FUSE filesystems was backported.
To use unprivileged overlayFS for creating missing bind mount paths and
for writable overlays, kernel >=5.11 is recommended.
That feature has not been backported to RHEL7.
Whenever the kernel overlayFS doesn't work then {Project} will use
fuse-overlayfs instead.

Additionally, some Linux distributions require that unprivileged user
namespace creation is enabled using a ``sysctl`` or kernel command line
parameter. Please consult your distribution documentation or vendor to
confirm the steps necessary to 'enable unprivileged user namespace
creation'.

Debian
======

.. code::
sudo sh -c 'echo kernel.unprivileged_userns_clone=1 \
>/etc/sysctl.d/90-unprivileged_userns.conf'
sudo sysctl -p /etc/sysctl.d/90-unprivileged_userns.conf
RHEL/CentOS 7
=============

From 7.4, kernel support is included but must be enabled with:

.. code::
sudo sh -c 'echo user.max_user_namespaces=15000 \
>/etc/sysctl.d/90-max_user_namespaces.conf'
sudo sysctl -p /etc/sysctl.d/90-max_user_namespaces.conf
creation'.
In general, the parameter ``user.max_usernamespaces`` has to be non-zero,
and additionally on Debian the parameter ``kernel.unprivileged_userns_clone``
needs to be non-zero.

******************************
Disabling network namespaces
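
Review bot: the added sentence names the parameter ``user.max_usernamespaces``, but the command removed earlier in this same hunk sets `user.max_user_namespaces`; the new spelling drops an underscore, so an admin who copies it into `sysctl` will not find the key. Correct the name. Since the Debian and RHEL/CentOS 7 command blocks are removed here, consider keeping one short example of setting and persisting the value under `/etc/sysctl.d/`, so that "has to be non-zero" stays actionable.
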
12 changes: 6 additions & 6 deletions public/docs/admin/main/installation.html
Expand Up @@ -393,15 +393,15 @@ <h4>Install RPM from EPEL or Fedora<a class="headerlink" href="#install-rpm-from
Linux and Fedora.</p>
<p>First, on Red Hat Enterprise Linux derived systems enable the EPEL
repositories like this:</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span></span>$ sudo yum install -y epel-release
<div class="highlight-default notranslate"><div class="highlight"><pre><span></span>$ sudo dnf install -y epel-release
</pre></div>
</div>
<p>Then to install a non-setuid installation of Apptainer do:</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span></span>$ sudo yum install -y apptainer
<div class="highlight-default notranslate"><div class="highlight"><pre><span></span>$ sudo dnf install -y apptainer
</pre></div>
</div>
<p>or for a setuid installation do:</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span></span>$ sudo yum install -y apptainer-suid
<div class="highlight-default notranslate"><div class="highlight"><pre><span></span>$ sudo dnf install -y apptainer-suid
</pre></div>
</div>
</div>
Expand All @@ -410,11 +410,11 @@ <h4>Install from GitHub release RPMs<a class="headerlink" href="#install-from-gi
<p>Alternatively, x86_64 RPMs are available on GitHub immediately after each
Apptainer release and they can be installed directly from there. For the
non-setuid installation:</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span></span>$ sudo yum install -y https://github.com/apptainer/apptainer/releases/download/v1.3.3/apptainer-1.3.3-1.x86_64.rpm
<div class="highlight-default notranslate"><div class="highlight"><pre><span></span>$ sudo dnf install -y https://github.com/apptainer/apptainer/releases/download/v1.3.3/apptainer-1.3.3-1.x86_64.rpm
</pre></div>
</div>
<p>For the setuid installation do above command first and then this one:</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span></span>$ sudo yum install -y https://github.com/apptainer/apptainer/releases/download/v1.3.3/apptainer-suid-1.3.3-1.x86_64.rpm
<div class="highlight-default notranslate"><div class="highlight"><pre><span></span>$ sudo dnf install -y https://github.com/apptainer/apptainer/releases/download/v1.3.3/apptainer-suid-1.3.3-1.x86_64.rpm
</pre></div>
</div>
</div>
Expand Down Expand Up @@ -484,7 +484,7 @@ <h4>Source bash completion file<a class="headerlink" href="#source-bash-completi
</div>
<div class="section" id="build-an-rpm">
<h4>Build an RPM<a class="headerlink" href="#build-an-rpm" title="Permalink to this heading"></a></h4>
<p>If you use RHEL, CentOS or SUSE, building and installing an Apptainer
<p>If you use RHEL, a RHEL derivate, or SUSE, building and installing an Apptainer
RPM allows your Apptainer installation be more easily managed,
upgraded and removed.</p>
<p>The instructions on how to build the RPM from source are in a
2 changes: 1 addition & 1 deletion public/docs/admin/main/searchindex.js

Large diffs are not rendered by default.

31 changes: 5 additions & 26 deletions public/docs/admin/main/user_namespace.html
Expand Up @@ -60,11 +60,7 @@
<li class="toctree-l1"><a class="reference internal" href="singularity_migration.html">Migrating from Singularity</a></li>
<li class="toctree-l1"><a class="reference internal" href="configfiles.html">Configuration files</a></li>
<li class="toctree-l1 current"><a class="current reference internal" href="#">User Namespaces &amp; Fakeroot</a><ul>
<li class="toctree-l2"><a class="reference internal" href="#user-namespace-requirements">User Namespace Requirements</a><ul>
<li class="toctree-l3"><a class="reference internal" href="#debian">Debian</a></li>
<li class="toctree-l3"><a class="reference internal" href="#rhel-centos-7">RHEL/CentOS 7</a></li>
</ul>
</li>
<li class="toctree-l2"><a class="reference internal" href="#user-namespace-requirements">User Namespace Requirements</a></li>
<li class="toctree-l2"><a class="reference internal" href="#disabling-network-namespaces">Disabling network namespaces</a></li>
<li class="toctree-l2"><a class="reference internal" href="#rootless-fakeroot-feature">“Rootless” Fakeroot feature</a><ul>
<li class="toctree-l3"><a class="reference internal" href="#requirements">Requirements</a></li>
Expand Down Expand Up @@ -132,35 +128,18 @@
<p>To allow unprivileged creation of user namespaces a kernel &gt;=3.8 is
required, with &gt;=4.18 being recommended due to support for unprivileged
mounting of FUSE filesystems (needed for example for mounting SIF files).
The equivalent recommendation on RHEL7 is &gt;=3.10.0-1127 from release
7.8, where unprivileged mounting of FUSE filesystems was backported.
To use unprivileged overlayFS for creating missing bind mount paths and
for writable overlays, kernel &gt;=5.11 is recommended.
That feature has not been backported to RHEL7.
Whenever the kernel overlayFS doesn’t work then Apptainer will use
fuse-overlayfs instead.</p>
<p>Additionally, some Linux distributions require that unprivileged user
namespace creation is enabled using a <code class="docutils literal notranslate"><span class="pre">sysctl</span></code> or kernel command line
parameter. Please consult your distribution documentation or vendor to
confirm the steps necessary to ‘enable unprivileged user namespace
creation’.</p>
<div class="section" id="debian">
<h3>Debian<a class="headerlink" href="#debian" title="Permalink to this heading"></a></h3>
<div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="n">sudo</span> <span class="n">sh</span> <span class="o">-</span><span class="n">c</span> <span class="s1">&#39;echo kernel.unprivileged_userns_clone=1 </span><span class="se">\</span>
<span class="s1"> &gt;/etc/sysctl.d/90-unprivileged_userns.conf&#39;</span>
<span class="n">sudo</span> <span class="n">sysctl</span> <span class="o">-</span><span class="n">p</span> <span class="o">/</span><span class="n">etc</span><span class="o">/</span><span class="n">sysctl</span><span class="o">.</span><span class="n">d</span><span class="o">/</span><span class="mi">90</span><span class="o">-</span><span class="n">unprivileged_userns</span><span class="o">.</span><span class="n">conf</span>
</pre></div>
</div>
</div>
<div class="section" id="rhel-centos-7">
<h3>RHEL/CentOS 7<a class="headerlink" href="#rhel-centos-7" title="Permalink to this heading"></a></h3>
<p>From 7.4, kernel support is included but must be enabled with:</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="n">sudo</span> <span class="n">sh</span> <span class="o">-</span><span class="n">c</span> <span class="s1">&#39;echo user.max_user_namespaces=15000 </span><span class="se">\</span>
<span class="s1"> &gt;/etc/sysctl.d/90-max_user_namespaces.conf&#39;</span>
<span class="n">sudo</span> <span class="n">sysctl</span> <span class="o">-</span><span class="n">p</span> <span class="o">/</span><span class="n">etc</span><span class="o">/</span><span class="n">sysctl</span><span class="o">.</span><span class="n">d</span><span class="o">/</span><span class="mi">90</span><span class="o">-</span><span class="n">max_user_namespaces</span><span class="o">.</span><span class="n">conf</span>
</pre></div>
</div>
</div>
creation’.
In general, the parameter <code class="docutils literal notranslate"><span class="pre">user.max_usernamespaces</span></code> has to be non-zero,
and additionally on Debian the parameter <code class="docutils literal notranslate"><span class="pre">kernel.unprivileged_userns_clone</span></code>
needs to be non-zero.</p>
</div>
<div class="section" id="disabling-network-namespaces">
<h2>Disabling network namespaces<a class="headerlink" href="#disabling-network-namespaces" title="Permalink to this heading"></a></h2>