diff options
| author | Someone Serge <sergei.kozlukov@aalto.fi> | 2024-01-03 22:28:57 +0000 |
|---|---|---|
| committer | Someone Serge <sergei.kozlukov@aalto.fi> | 2024-01-10 20:47:57 +0000 |
| commit | 35de6f1c4eb4e983fe39a5407db7c831fea675f7 (patch) | |
| tree | f22e7cc904a021abb54114702728f4b0bab367ba /nixos/modules/programs/singularity.nix | |
| parent | 562dd639328c5da2fa5291c0f9d9860adf8f57a4 (diff) | |
| download | nixlib-35de6f1c4eb4e983fe39a5407db7c831fea675f7.tar nixlib-35de6f1c4eb4e983fe39a5407db7c831fea675f7.tar.gz nixlib-35de6f1c4eb4e983fe39a5407db7c831fea675f7.tar.bz2 nixlib-35de6f1c4eb4e983fe39a5407db7c831fea675f7.tar.lz nixlib-35de6f1c4eb4e983fe39a5407db7c831fea675f7.tar.xz nixlib-35de6f1c4eb4e983fe39a5407db7c831fea675f7.tar.zst nixlib-35de6f1c4eb4e983fe39a5407db7c831fea675f7.zip | |
nixos/singularity: disable setuid for apptainer
(cherry picked from commit 5f4b6ea5dde8b0153f416c78519d877ab1224f91)
Diffstat (limited to 'nixos/modules/programs/singularity.nix')
| -rw-r--r-- | nixos/modules/programs/singularity.nix | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/nixos/modules/programs/singularity.nix b/nixos/modules/programs/singularity.nix index 9fd37e1793a7..7f285ab05537 100644 --- a/nixos/modules/programs/singularity.nix +++ b/nixos/modules/programs/singularity.nix @@ -61,7 +61,12 @@ in }; enableSuid = mkOption { type = types.bool; - default = true; + # SingularityCE requires SETUID for most things. Apptainer prefers user + # namespaces, e.g. `apptainer exec --nv` would fail if built + # `--with-suid`: + # > `FATAL: nvidia-container-cli not allowed in setuid mode` + default = cfg.package.projectName != "apptainer"; + defaultText = literalExpression ''config.services.singularity.package.projectName != "apptainer"''; example = false; description = mdDoc '' Whether to enable the SUID support of Singularity/Apptainer. |