Exec prepares an EngineConfig defining how a container should be launched, then calls the starter binary to execute it. This includes interactive containers, instances, and joining an existing instance. nolint:maintidx
(ctx context.Context, image string, args []string, instanceName string)
| 103 | // |
| 104 | //nolint:maintidx |
| 105 | func (l *Launcher) Exec(ctx context.Context, image string, args []string, instanceName string) error { |
| 106 | var err error |
| 107 | |
| 108 | var fakerootPath string |
| 109 | if l.cfg.Fakeroot { |
| 110 | if (l.uid == 0) && namespaces.IsUnprivileged() { |
| 111 | // Already running root-mapped unprivileged |
| 112 | l.cfg.Fakeroot = false |
| 113 | // Setting the following line with `false` value |
| 114 | // will prevent Apptainer from allocating an additional user namespace. |
| 115 | // Here, Apptainer is already running inside a root-mapped namespace, |
| 116 | // i.e., similar to running with `unshare -r`, setting the following |
| 117 | // line with `true` value will make Apptainer run inside a nested |
| 118 | // root-mapped namespace, similar to `unshare -r unshare -r` |
| 119 | l.cfg.Namespaces.User = false |
| 120 | sylog.Debugf("running root-mapped unprivileged") |
| 121 | var err error |
| 122 | if l.cfg.IgnoreFakerootCmd { |
| 123 | err = errors.New("fakeroot command is ignored because of --ignore-fakeroot-command") |
| 124 | } else { |
| 125 | fakerootPath, err = fakeroot.FindFake() |
| 126 | } |
| 127 | if err != nil { |
| 128 | sylog.Infof("fakeroot command not found, using only root-mapped namespace") |
| 129 | } else { |
| 130 | sylog.Infof("Using fakeroot command combined with root-mapped namespace") |
| 131 | } |
| 132 | } else if (l.uid != 0) && (!fakeroot.IsUIDMapped(l.uid) || l.cfg.IgnoreSubuid) { |
| 133 | sylog.Infof("User not listed in %v, trying root-mapped namespace", fakeroot.SubUIDFile) |
| 134 | l.cfg.Fakeroot = false |
| 135 | var err error |
| 136 | if l.cfg.IgnoreUserns { |
| 137 | err = errors.New("could not start root-mapped namespace because --ignore-userns is set") |
| 138 | } else { |
| 139 | err = fakeroot.UnshareRootMapped(os.Args, false) |
| 140 | } |
| 141 | if err == nil { |
| 142 | // All good |
| 143 | os.Exit(0) |
| 144 | } |
| 145 | sylog.Debugf("UnshareRootMapped failed: %v", err) |
| 146 | if l.cfg.IgnoreFakerootCmd { |
| 147 | err = errors.New("fakeroot command is ignored because of --ignore-fakeroot-command") |
| 148 | } else { |
| 149 | fakerootPath, err = fakeroot.FindFake() |
| 150 | } |
| 151 | if err != nil { |
| 152 | sylog.Fatalf("--fakeroot requires either being in %v, unprivileged user namespaces, or the fakeroot command", fakeroot.SubUIDFile) |
| 153 | } |
| 154 | notSandbox := false |
| 155 | if strings.Contains(image, "://") { |
| 156 | notSandbox = true |
| 157 | } else { |
| 158 | info, err := os.Stat(image) |
| 159 | if err == nil && !info.Mode().IsDir() { |
| 160 | notSandbox = true |
| 161 | } |
| 162 | } |
no test coverage detected