[bug#36093] [PATCH 1/2] services: Add Singularity.
From: Ludovic Courtès
Subject: [bug#36093] [PATCH 1/2] services: Add Singularity.
Date: Wed, 05 Jun 2019 22:24:05 +0200
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/26.2 (gnu/linux)

Hi Danny,

Danny Milosavljevic <address@hidden> writes:

> On Tue, 4 Jun 2019 23:01:14 +0200
> Ludovic Courtès <address@hidden> wrote:
>
>> address@hidden {Scheme Variable} singularity-service-type
>> +This is the type of the service that runs
>> address@hidden://www.sylabs.io/singularity/, Singularity},
>
> Does it?
> Doesn't it just "allow you to invoke"?

Yes, you’re right. I’ll reword as you suggest.

>> + (substitute* (find-files "libexec/cli" "\\.exec$")
>> +
>> (("\\$SINGULARITY_libexecdir/singularity/bin/([a-z]+)-suid"
>> + _ program)
>> + (string-append "/run/setuid-programs/singularity-"
>> + program "-helper")))
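
Review bot: the capture group `([a-z]+)` in the `substitute*` pattern matches only lowercase helper names, and nothing in this hunk checks that any `.exec` file was actually rewritten, so a helper whose name contains a digit or other character would keep its `$SINGULARITY_libexecdir/singularity/bin/...-suid` path with no signal at build time. Consider adding a comment above the `substitute*` stating that the `/run/setuid-programs/singularity-` targets exist only when the service is in use, and a check after the substitution that no `-suid` reference remains in the files under `libexec/cli`.
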
>
> Is absolute path OK? There have been some efforts to get guix to relocate in
> the past. Does this apply here?

I think it’s OK: those setuid helpers can only be used on Guix System,
not on a foreign distro, and it goes hand-in-hand with
‘singularity-service-type’.

>> + ;; Create the directories that Singularity 2.6 expects to find.
>> + (for-each (lambda (directory)
>> + (mkdir-p (string-append "/var/singularity/mnt/"
>> + directory)))
>> + '("container" "final" "overlay" "session")))))
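
Review bot: the `mkdir-p` call inside the `for-each` passes no mode, so the four directories under `/var/singularity/mnt/` are created with whatever the current umask leaves. Set the mode explicitly after creation, for example `(chmod (string-append "/var/singularity/mnt/" directory) #o700)`, and extend the comment to say which user is expected to own and write to these directories so the intended permissions can be reviewed.
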
>
> Are permissions OK?

They’re good enough for the test, but perhaps it should be #o700.
I’ll check if it works like that.

There’s been a nice CVE for Singularity 3.x in this area recently:

https://nvd.nist.gov/vuln/detail/CVE-2019-11328

It’s not directly applicable here but there could be similar issues.

Thanks,
Ludo’.