cvmfs / cvmfsexec

Mount cvmfs repositories as an unprivileged user

Allow creating of fuse3-based distribution and support mount/unmount using fusermount3 if it is available #94

Open tildeslu opened 3 months ago

tildeslu commented 3 months ago

In some HPC environments (e.g. the PUHTI supercomputer) only the fuse3 setuid-helper binary (fusermount3) is shipped on EL8. Fuse2 libraries are still available but cannot be used in an unprivileged way because of the absence of the setuid helper, so the only solution is to use the fuse3 variant of CVMFS.

This patch changes fuse3 support from apptainer-only to a generic option.

DrDaveD commented 3 months ago

By the way, do your compute nodes not have user namespaces enabled? If you use the cvmfsexec command with user namespaces enabled it shouldn't try to use fusermount or fusermount3; only the mode 1 mountrepo/umountrepo commands do that.

tildeslu commented 3 months ago

Unfortunately, unprivileged user namespaces are not usable in that environment. The kernel is capable, but it's not enabled in the system config. And that's the OS image that is shipped by the HPC vendor. Also, they ship both fuse2 and fuse3 libraries but the fusermount binary is removed from the image; only fusermount3 is provided. There is also a setuid Apptainer installation which natively supports fuse3 - but again, because of missing support for unprivileged user namespaces, it is not possible to run nested containers.

DrDaveD commented 2 months ago

I have finally gotten around to making CI checks for cvmfsexec here now. Please rebase your PR on the current master so we can see if it broke any functionality or not.

tildeslu commented 2 months ago

> Please rebase your PR on the current master so we can see if it broke any functionality or not.

Done. I see CI tests running on my branch but they are not reported in the pull request for some reason.