[slurm-users] job_container/tmpfs and rootless apptainer

[Roberto Monti]

Hi,
I was wondering if some light could be shed as to why permissions on the mounted /tmp need to be 700 when using the job_container/tmpfs plugin.

I'm asking this because we are considering allowing for users to run rootless apptainer as a method for building containers from a slurm job, and I'm encountering the following issues:
- 0700 permissions on /tmp do not sit well with certain builds (e.g. ubuntu images needing to write temp files in order to run "apt")
- setting the APPTAINER_TMPDIR variable would in theory circumvent this, but I can't do this as it needs to be on disk, and all the other fs I have available are networked

I have "solved" this by giving 1777 permissions to the mounted /tmp in the taskprolog, which was the only option I could find, as both prolog and init_script get to run prior to the construction of the /tmp namespace. Does this look like an appropriate solution?

Best regards,

--
Roberto P. Monti
DevOps Engineer I
roberto.monti at jax.org

The Jackson Laboratory
United States | China | Japan
www.jax.org

---

The information in this email, including attachments, may be confidential and is intended solely for the addressee(s). If you believe you received this email by mistake, please notify the sender by return email as soon as possible.