support --no-home in --oci mode

When `--no-home` is set on the CLI in `--oci` mode, do not mount onto the container home directory. Fixes sylabs/singularity#1780 Signed-off-by: Edita Kizinevic <edita.kizinevic@cern.ch>
vzokay · Jul 11, 2023 · 72cac4a · 72cac4a
1 parent e0ec24b
commit 72cac4a
Show file tree

Hide file tree

Showing 4 changed files with 13 additions and 5 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -79,6 +79,8 @@ For older changes see the [archived Singularity change log](https://github.com/a
   storage. If `--scratch <scratchdir>` is used in conjunction with `--workdir`,
   scratch directories will be mapped to subdirectories nested under
   `<workdir>/scratch` on the host, rather than to tmpfs storage.
+- OCI-mode now supports the `--no-home` flag, to prevent the container home
+  directory from being mounted.
 
 ### Developer / API
 

diff --git a/e2e/actions/oci.go b/e2e/actions/oci.go
@@ -211,6 +211,11 @@ func (c actionTests) actionOciExec(t *testing.T) {
 			argv: []string{"--home", "/tmp:/home", imageRef, "true"},
 			exit: 0,
 		},
+		{
+			name: "NoHome",
+			argv: []string{"--no-home", imageRef, "grep", e2e.OCIUserProfile.ContainerUser(t).Dir, "/proc/self/mountinfo"},
+			exit: 1,
+		},
 		{
 			name: "UTSNamespace",
 			argv: []string{"--uts", imageRef, "true"},

diff --git a/internal/pkg/runtime/launcher/oci/launcher_linux.go b/internal/pkg/runtime/launcher/oci/launcher_linux.go
@@ -86,9 +86,6 @@ func checkOpts(lo launcher.Options) error {
 	if lo.WritableTmpfs {
 		sylog.Infof("--oci mode uses --writable-tmpfs by default")
 	}
-	if lo.NoHome {
-		badOpt = append(badOpt, "NoHome")
-	}
 
 	if len(lo.FuseMount) > 0 {
 		badOpt = append(badOpt, "FuseMount")

diff --git a/internal/pkg/runtime/launcher/oci/mounts_linux.go b/internal/pkg/runtime/launcher/oci/mounts_linux.go
@@ -270,13 +270,17 @@ func (l *Launcher) addSysMount(mounts *[]specs.Mount) error {
 // `--containall`, so the user must specifically bind in their home directory
 // from the host for it to be available.
 func (l *Launcher) addHomeMount(mounts *[]specs.Mount) error {
-	// If the $HOME mount is skipped by config need to still handle setting the
-	// correct $HOME dir, but just skip adding the mount.
+	// If the $HOME mount is skipped by config or --no-home, we still need to
+	// handle setting the correct $HOME dir, but just skip adding the mount.
 	skipMount := false
 	if !l.apptainerConf.MountHome {
 		sylog.Debugf("Skipping mount of $HOME due to apptainer.conf")
 		skipMount = true
 	}
+	if l.cfg.NoHome {
+		sylog.Debugf("Skipping mount of $HOME due to --no-home")
+		skipMount = true
+	}
 
 	// Get the host user's data
 	pw, err := user.CurrentOriginal()