fuse: automatically use squashfuse for images, deprecate --sif-fuse #2451
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
dtrudg
force-pushed
the
issue-2216
branch
9 times, most recently
from
55b9035 to
ddc3466
Compare
dtrudg
force-pushed
the
issue-2216
branch
3 times, most recently
from
be0e29c to
d4106e3
Compare
Deprecate the explicit `--sif-fuse` flag and `sif fuse` directive for `singularity.conf`. These were previously used to enable experimental FUSE mount of SIF/SquashFS containers. Modify image handling so that we now try squashfuse mounts automatically, with fall back to temporary sandbox extraction, when: * squashfs kernel mounts have been disabled in `singularity.conf` * we are running in a non-setuid / user namespace flow. Add a `--tmp-sandbox` flag to allow forcing extraction to a temporary sandbox when a kernel mount or FUSE mount would otherwise be used. Fixes sylabs#2216
When a container doesn't exit cleanly, or fails to start correctly, then the master process won't write into the cleanup socket to initiate cleanup in the host namespaces. Prior to this commit, this caused the host cleanup to exit with an EOF error, leaving FUSE mounts in place in host namespaces. The host cleanup process has SIGTERM set as its parent death signal, so we can trap this to ensure that cleanup runs for an 'unclean' exit where the master doesn't initate cleanup via the socket.
wobito
approved these changes
Jan 2, 2024
21 tasks
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description of the Pull Request (PR):
Deprecate the explicit
--sif-fuseflag andsif fusedirective forsingularity.conf. These were previously used to enable experimental FUSE mount of SIF/SquashFS containers.Modify image handling so that we now try squashfuse mounts automatically, with fall back to temporary sandbox extraction, when:
singularity.conf-or-Add a
--tmp-sandboxflag to allow forcing extraction to a temporary sandbox when a kernel mount or FUSE mount would otherwise be used / attempted.This change exposed an issue via the e2e tests - where there is a failure after the starter is called, but before the container is entered successfully, the host cleanup may not be called. To address this, added the commit...
fix: ensure host cleanup runs when parent exits
When a container doesn't exit cleanly, or fails to start correctly, then the master process won't write into the cleanup socket to initiate cleanup in the host namespaces.
Prior to this commit, this caused the host cleanup to exit with an EOF error, leaving FUSE mounts in place in host namespaces.
The host cleanup process has SIGTERM set as its parent death signal, so we can trap this to ensure that cleanup runs for an 'unclean' exit where the master doesn't initate cleanup via the socket.
This fixes or addresses the following GitHub issues:
Before submitting a PR, make sure you have done the following:
make checkand tested this PR locally with amake test, andmake testallif possible (see CONTRIBUTING.md).