cclerget
cclerget
@DrDaveD those lines ``` 2069950 open("/proc/self/fd", O_RDONLY) = 3 2069950 fstat(3, {st_mode=S_IFDIR|0500, st_size=0, ...}) = 0 2069950 fcntl(3, F_GETFL) = 0x8000 (flags O_RDONLY|O_LARGEFILE) 2069950 fcntl(3, F_SETFD, FD_CLOEXEC) = 0 2069950...
In the suid case, privilege are dropped and fsuid/fsgid should be set to current user as euid is corresponding to the current user, so this is strange, you also mentioned:...
@chrisburr Are you using autofs on your machines ?
@chrisburr here's a potential fix https://github.com/apptainer/apptainer/pull/2284, if you had a chance to give it a try, please let us know if that fixes the issue. Thanks!
FWIW, I suspect a kernel bug here, the assumption is that for some reasons the audit kernel code can't determine all the required data for the event and block the...
Just an assumption, Gitlab might look at this field https://github.com/opencontainers/image-spec/blob/39ab2d54cfa8fe1bee1ff20001264986d92ab85a/specs-go/v1/config.go#L95, but the way apptainer push/store OCI artifacts on registries doesn't use `Image` (https://github.com/opencontainers/image-spec/blob/39ab2d54cfa8fe1bee1ff20001264986d92ab85a/specs-go/v1/config.go#L93) at all, that might explain why