I have been working on creating a snap package for the Apptainer container platform for HPC systems, and I have been noticing some odd discrepancies between when I test the package as root v.s. a non-root user. When I interact with the snap package as root (build containers, launching services, pulling images, etc.) everything works perfectly, but when I try to use the Apptainer snap as a non-root user, say ubuntu, everything starts to go awry.
For example, here is what happens when I try to build a container as user ubuntu:
ubuntu@apptainer-snap:~$ apptainer build http.sif http.def
FATAL: newuidmap was not found in PATH (/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin), required with fakeroot and unprivileged installation when user is in /etc/subuid
or when I try to execute a process inside the container:
ubuntu@apptainer-snap:~$ apptainer exec http.sif python3 -V
FATAL: container creation failed: mount hook function failure: mount /proc/self/fd/3->/snap/apptainer/x1/var/apptainer/mnt/session/rootfs error: while mounting image /proc/self/fd/3: squashfuse exited with status 127: /snap/apptainer/x1/usr/bin/squashfuse: error while loading shared libraries: libsquashfuse.so.0: cannot open shared object file: No such file or directory
Oddly enough, both the library libsquashfuse.so.0 and executable newuidmap exist within the snap package under /snap/apptainer/current, and both of the commands above work perfectly however when I prepend them with sudo.
Would anyone happen to know what the issue might be here with the discrepancy between root v.s. non-root? Here is the in-progress snapcraft.yaml file. I am currently having the snap package install with classic confinement, but I hardly imagine that this is the cause of my issues:
name: apptainer
version: 1.1.3
license: BSD-3-Clause-LBNL
summary: An open-source container system for High-Performance Computing.
description: |
Apptainer is the most widely used container system for High-Performance
Computing. It is designed to execute applications at bare-metal performance
while being secure, portable, and 100% reproducible. Apptainer is an
open-source project with a friendly community of developers and users.
The user base continues to expand, with Apptainer now used across industry
and academia in many areas of work.
base: core22
grade: devel
confinement: classic
compression: lzo
architectures:
- build-on: amd64
parts:
apptainer:
plugin: dump
source: https://github.com/apptainer/apptainer.git
source-tag: v1.1.3
build-packages:
- build-essential
- libseccomp-dev
- pkg-config
- uidmap
- squashfs-tools
- squashfuse
- fuse2fs
- fuse-overlayfs
- fakeroot
- cryptsetup
- curl
- wget
- golang
stage-packages:
- build-essential
- libseccomp-dev
- pkg-config
- uidmap
- squashfs-tools
- squashfuse
- fuse2fs
- fuse-overlayfs
- fakeroot
- cryptsetup
- curl
- wget
- golang
override-build: |
craftctl default
cd $CRAFT_PART_SRC
./mconfig --prefix=$CRAFT_PART_INSTALL
make -C builddir
make -C builddir install
cleanup:
after: [apptainer]
plugin: nil
override-prime: |
set -eux
cd $CRAFT_PRIME
rm -rf \
*.md builddir cmd dist docs e2e \
examples go.mod go.sum internal \
makeit mconfig mlocal pkg scripts tools
apps:
apptainer:
command: bin/apptainer
environment:
LD_LIBRARY_PATH: $SNAP/usr/lib/x86_64-linux-gnu/:$LD_LIBRARY_PATH
PATH: $SNAP/usr/bin/:$PATH
singularity:
command: bin/singularity
run-singularity:
command: bin/run-singularity
Any words of wisdom are appreciated!