18238: Arvbox Singularity / Docker updates wip
[arvados.git] / tools / arvbox / lib / arvbox / docker / createusers.sh
index 7cf58e201d1e27ca2492d9ace8d9d241d1c4dc41..66a4ff474768da2428e0404e021ce0d1ab6f4d13 100755 (executable)
@@ -42,6 +42,13 @@ if ! grep "^arvbox:" /etc/passwd >/dev/null 2>/dev/null ; then
     mkdir -p /tmp/crunch0 /tmp/crunch1
     chown crunch:crunch -R /tmp/crunch0 /tmp/crunch1
 
+    # singularity needs to be owned by root and suid
+    chown root /var/lib/arvados/bin/singularity \
+         /var/lib/arvados/etc/singularity/singularity.conf \
+         /var/lib/arvados/etc/singularity/capability.json \
+         /var/lib/arvados/etc/singularity/ecl.toml
+    chmod u+s /var/lib/arvados/bin/singularity
+
     echo "arvbox    ALL=(crunch) NOPASSWD: ALL" >> /etc/sudoers
 
     cat <<EOF > /etc/profile.d/paths.sh
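Review bot: The setuid bit on `/var/lib/arvados/bin/singularity` is added with `chmod u+s` on top of whatever group and mode the file already has, and `chown root` changes only the owner, so a group- or world-writable build artifact would end up as a writable setuid-root binary. Pin both explicitly: use `chown root:root` for all four paths, `chmod 4755 /var/lib/arvados/bin/singularity`, and `chmod 0644` on the three files under `/var/lib/arvados/etc/singularity/`. The hunk does not show who owns `/var/lib/arvados/bin` and `/var/lib/arvados/etc/singularity`, so confirm that those directories are root-owned and not writable by the arvbox or crunch users, otherwise the files can simply be replaced. The new lines sit inside the `if ! grep "^arvbox:" /etc/passwd` branch that begins outside the hunk, so they presumably run only when the users are first created. If singularity is rebuilt or reinstalled later, the ownership and mode would not be reapplied.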