See for working group page and actions. Agreed baseline doc is here.

Joint Traceability and Isolation WG & Containers WG meeting

31/S-028 (CERN)



Show room on map

Containers WG

Review of Actions:

  • WC1: Message from David Love saying is giving up the EPEL ownership: Brian will be come owner. New pull request to 2.4.6 which will remove all the extraneous patches that were being maintained. Still waiting for Brian to be given the necessary privileges in EPEL.
  • WC4: CVMFS/Singularity - the issue is understood - problem is that the upper layer is a tempfs which does not support extended attributes. No good way to fix it. Workarounds discussed:
    • Setting a CVMFS option to hide the extended attributes, but not considered OK to apply on production machines.
    • Possiblility to use /tmp instead, but won't work in environments where /tmp is also a tmpfs
    • WC6 (underlay) would make this go away
  • WC6: No progress yet. Dave may look into it, modulo priorities.

Singularity news:

  • 2.4.6:
    • Two months ago there has been a release of 2.4.6 which fixes a new security problem - didn't want to expose in the list. Workaround has been sent via normal EGI and OSG security contacts - to turn off overlay.
    • WLCG hasn't yet copied into the WLCG repository - CVMFS had to delay to fix some global scripts before deployment. Soon, it will be ready to go and we can push it out [subsequently done].
    • Has ATLAS noticed any issues with 2.4.6:
      • Andrej confirms OK from his side. NDGF reported a possible issue - Andrej will follow up with them.
      • [ACTION] Andrej to confirm to Maarten 2.4.6 is OK, who can push if all looks OK [subsequently done].
  • Dave notes Singularity team's policy not to share any sec problems until they have announced a fix - and noted there was another sec. problem in the pipeline, awaiting a release.

Traceability WG


There are minutes attached to this event. Show them.