init

Signed-off-by: jason yang <jasonyangshadow@gmail.com>
JasonYangShadow · Jul 17, 2024 · 8d884a6 · 8d884a6
1 parent f79d371
commit 8d884a6
Show file tree

Hide file tree

Showing 5 changed files with 10 additions and 4 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -14,6 +14,7 @@ For older changes see the [archived Singularity change log](https://github.com/a
 
 - Fix sif-embedded overlay partitions for containers that are larger
   than 2 gigabytes.
+- Fix apparmor broken issue.
 
 ## v1.3.3 - \[2024-07-03\]
 

diff --git a/dist/debian/apparmor-placeholder b/dist/debian/apparmor-placeholder
@@ -1,8 +1,9 @@
 # Permit unprivileged user namespace creation for apptainer starter, placeholder
-abi <abi/4.0>,
+# Uses AppArmor 3 ABI on Ubuntu <23.10
+abi <abi/3.0>,
 include <tunables/global>
 
-profile apptainer /usr/lib/@{multiarch}/apptainer/bin/starter{,-suid} flags=(unconfined) {
+profile apptainer /usr/libexec/apptainer/bin/starter{,-suid} flags=(unconfined) {
   # Site-specific additions and overrides. See local/README for details.
   include if exists <local/apptainer>
 }

diff --git a/dist/debian/apparmor-userns b/dist/debian/apparmor-userns
@@ -1,8 +1,9 @@
 # Permit unprivileged user namespace creation for apptainer starter
+# Uses AppArmor 4 ABI on Ubuntu >=23.10
 abi <abi/4.0>,
 include <tunables/global>
 
-profile apptainer /usr/lib/@{multiarch}/apptainer/bin/starter{,-suid} flags=(unconfined) {
+profile apptainer /usr/libexec/apptainer/bin/starter{,-suid} flags=(unconfined) {
   userns,
 
   # Site-specific additions and overrides. See local/README for details.

diff --git a/dist/debian/rules b/dist/debian/rules
@@ -5,6 +5,7 @@ pkgver = $(shell LC_ALL=C dpkg-parsechangelog --show-field Version )
 
 OS_MAJOR := $(shell grep ^VERSION_ID /etc/os-release | cut -d'=' -f2 | sed 's/\"//gI' | cut -d'.' -f1)
 OS_NAME := $(shell grep ^NAME /etc/os-release | cut -d '=' -f2 | sed 's/\"//gI')
+OS_VERSION := $(shell grep ^VERSION_ID /etc/os-release | cut -d'=' -f2 | sed 's/\"//gI')
 
 # Needed by debchange to set Name and EMAIL in changelog
 # DEBFULLNAME is filtered out by debuild
@@ -97,7 +98,7 @@ override_dh_auto_install:
 	@dh_auto_install -Smakefile -D$(DEB_SC_BUILDDIR)
 	@./scripts/install-dependencies $(pkgdir)/usr/libexec
 # Apparmor userns profile needed on Ubuntu 24.04, or unconfined placeholder for older versions.	
-	if [ $(OS_MAJOR) -gt 23 ] && [[ $(OS_NAME) = "Ubuntu" ]]; then \
+	if ( [ $(OS_MAJOR) -gt 23 ] || [[ $(OS_VERSION) = "23.10" ]] ) && [[ $(OS_NAME) = "Ubuntu" ]]; then \
 		echo "Ubuntu 24.04 or newer - installing apparmor userns profile"; \
 		install -D -m 644 dist/debian/apparmor-userns $(pkgdir)/etc/apparmor.d/apptainer; \
 	else \

diff --git a/scripts/ci-deb-build-test b/scripts/ci-deb-build-test
@@ -83,4 +83,6 @@ su testuser -c '
   sudo dpkg -i ../apptainer*.deb
 
   apptainer exec oras://ghcr.io/apptainer/alpine:3.15.0 /bin/true
+  apptainer exec --usrns oras://ghcr.io/apptainer/alpine:3.15.0 /bin/true
+  apptainer exec --fakeroot oras://ghcr.io/apptainer/alpine:3.15.0 /bin/true
 '