init

Signed-off-by: jason yang <jasonyangshadow@gmail.com>
JasonYangShadow · Jul 17, 2024 · 1e6dffb · 1e6dffb
1 parent f79d371
commit 1e6dffb
Show file tree

Hide file tree

Showing 6 changed files with 26 additions and 4 deletions.
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -144,6 +144,22 @@ jobs:
           OS_VERSION: 24.04
           GO_ARCH: linux-amd64
         run: ./scripts/ci-docker-run
+
+  ubuntu-2310:
+    name: debbuild-ubuntu23
+    runs-on: ubuntu-23.10
+    steps:
+      - uses: actions/checkout@v2
+      # fetch tags as checkout@v2 doesn't do that by default
+      - run: git fetch --prune --unshallow --tags --force
+
+      - name: Build and test deb under docker
+        env:
+          OS_TYPE: ubuntu
+          OS_VERSION: 23.10
+          GO_ARCH: linux-amd64
+        run: ./scripts/ci-docker-run
+
 
   rpmbuild-rocky8:
     runs-on: ubuntu-22.04

diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -14,6 +14,7 @@ For older changes see the [archived Singularity change log](https://github.com/a
 
 - Fix sif-embedded overlay partitions for containers that are larger
   than 2 gigabytes.
+- Fix apparmor broken issue.
 
 ## v1.3.3 - \[2024-07-03\]
 

diff --git a/dist/debian/apparmor-placeholder b/dist/debian/apparmor-placeholder
@@ -1,8 +1,9 @@
 # Permit unprivileged user namespace creation for apptainer starter, placeholder
-abi <abi/4.0>,
+# Uses AppArmor 3 ABI on Ubuntu <23.10
+abi <abi/3.0>,
 include <tunables/global>
 
-profile apptainer /usr/lib/@{multiarch}/apptainer/bin/starter{,-suid} flags=(unconfined) {
+profile apptainer /usr/libexec/apptainer/bin/starter{,-suid} flags=(unconfined) {
   # Site-specific additions and overrides. See local/README for details.
   include if exists <local/apptainer>
 }

diff --git a/dist/debian/apparmor-userns b/dist/debian/apparmor-userns
@@ -1,8 +1,9 @@
 # Permit unprivileged user namespace creation for apptainer starter
+# Uses AppArmor 4 ABI on Ubuntu >=23.10
 abi <abi/4.0>,
 include <tunables/global>
 
-profile apptainer /usr/lib/@{multiarch}/apptainer/bin/starter{,-suid} flags=(unconfined) {
+profile apptainer /usr/libexec/apptainer/bin/starter{,-suid} flags=(unconfined) {
   userns,
 
   # Site-specific additions and overrides. See local/README for details.

diff --git a/dist/debian/rules b/dist/debian/rules
@@ -5,6 +5,7 @@ pkgver = $(shell LC_ALL=C dpkg-parsechangelog --show-field Version )
 
 OS_MAJOR := $(shell grep ^VERSION_ID /etc/os-release | cut -d'=' -f2 | sed 's/\"//gI' | cut -d'.' -f1)
 OS_NAME := $(shell grep ^NAME /etc/os-release | cut -d '=' -f2 | sed 's/\"//gI')
+OS_VERSION := $(shell grep ^VERSION_ID /etc/os-release | cut -d'=' -f2 | sed 's/\"//gI')
 
 # Needed by debchange to set Name and EMAIL in changelog
 # DEBFULLNAME is filtered out by debuild
@@ -97,7 +98,7 @@ override_dh_auto_install:
 	@dh_auto_install -Smakefile -D$(DEB_SC_BUILDDIR)
 	@./scripts/install-dependencies $(pkgdir)/usr/libexec
 # Apparmor userns profile needed on Ubuntu 24.04, or unconfined placeholder for older versions.	
-	if [ $(OS_MAJOR) -gt 23 ] && [[ $(OS_NAME) = "Ubuntu" ]]; then \
+	if ( [ $(OS_MAJOR) -gt 23 ] || [[ $(OS_VERSION) = "23.10" ]]) && [[ $(OS_NAME) = "Ubuntu" ]]; then \
 		echo "Ubuntu 24.04 or newer - installing apparmor userns profile"; \
 		install -D -m 644 dist/debian/apparmor-userns $(pkgdir)/etc/apparmor.d/apptainer; \
 	else \

diff --git a/scripts/ci-deb-build-test b/scripts/ci-deb-build-test
@@ -83,4 +83,6 @@ su testuser -c '
   sudo dpkg -i ../apptainer*.deb
 
   apptainer exec oras://ghcr.io/apptainer/alpine:3.15.0 /bin/true
+  apptainer exec --userns oras://ghcr.io/apptainer/alpine:3.15.0 /bin/true
+  apptainer exec --fakeroot oras://ghcr.io/apptainer/alpine:3.15.0 /bin/true
 '