The apptainer-suid package version 1.1.8 now in epel-testing has an incompatible change because of a security vulnerability. The change is that a new option "allow setuid-mount extfs" was added which defaults to no, preventing ordinary users from mounting ext3 filesystems in setuid-root mode. Those filesystems are used by a subset of users primarily for the overlay feature which adds changes on top of a base container image. If unprivileged user namespaces are enabled, users will be able to still mount ext3 filesystems by using the "-u/--userns" option or if the apptainer-suid package is removed. If system administrators review the vulnerability description at https://github.com/apptainer/apptainer/security/advisories/GHSA-j4rf-7357-f4cg and decide they still want to allow setuid-root access to this feature, they can enable it by setting "allow setuid-mount extfs = yes" in /etc/apptainer/apptainer.conf. This package will not be promoted to the epel repository for at least two weeks, pending approval by the EPEL Steering Committee according to the EPEL incompatible change policy. Apptainer 1.1.8 release notes are at https://github.com/apptainer/apptainer/releases/tag/v1.1.8 Dave _______________________________________________ epel-announce mailing list -- epel-announce@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to epel-announce-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/epel-announce@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
