This change has now been approved by the EPEL Steering Committee and requested to be pushed to stable. I expect it to be in stable sometime tomorrow. Dave On Wed, Apr 26, 2023 at 01:07:32PM -0500, Dave Dykstra wrote: > The apptainer-suid package version 1.1.8 now in epel-testing has an > incompatible change because of a security vulnerability. The change is > that a new option "allow setuid-mount extfs" was added which defaults to > no, preventing ordinary users from mounting ext3 filesystems in > setuid-root mode. Those filesystems are used by a subset of users > primarily for the overlay feature which adds changes on top of a base > container image. If unprivileged user namespaces are enabled, users > will be able to still mount ext3 filesystems by using the "-u/--userns" > option or if the apptainer-suid package is removed. If system > administrators review the vulnerability description at > https://github.com/apptainer/apptainer/security/advisories/GHSA-j4rf-7357-f4cg > and decide they still want to allow setuid-root access to this feature, > they can enable it by setting "allow setuid-mount extfs = yes" in > /etc/apptainer/apptainer.conf. > > This package will not be promoted to the epel repository for at least > two weeks, pending approval by the EPEL Steering Committee according to > the EPEL incompatible change policy. > > Apptainer 1.1.8 release notes are at > https://github.com/apptainer/apptainer/releases/tag/v1.1.8 > > Dave _______________________________________________ epel-devel mailing list -- epel-devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to epel-devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/epel-devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
