fix: singularity.conf default root capabilities comment

Corrected `singularity.conf` comment, to refer to correct file as source of default capabilities when `root default capabilities = file`. Fixes sylabs#1583
genomics-dev · Apr 21, 2023 · ea87161 · ea87161
1 parent 77f18fe
commit ea87161
Show file tree

Hide file tree

Showing 8 changed files with 22 additions and 13 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -63,6 +63,8 @@
   in `--oci` mode.
 - Honour `mount proc` / `mount sys` / `mount tmp` / `mount home` directives from
   `singularity.conf` in `--oci` mode.
+- Corrected `singularity.conf` comment, to refer to correct file as source
+  of default capabilities when `root default capabilities = file`.
 
 ## 3.11.1 \[2023-03-14\]
 

diff --git a/etc/conf/testdata/test_1.out.correct b/etc/conf/testdata/test_1.out.correct
@@ -199,10 +199,11 @@ always use nv = no
 
 
 # ROOT DEFAULT CAPABILITIES: [full/file/no]
-# DEFAULT: no
+# DEFAULT: full
 # Define default root capability set kept during runtime
 # - full: keep all capabilities (same as --keep-privs)
-# - file: keep capabilities configured in ${prefix}/etc/singularity/capabilities/user.root
+# - file: keep capabilities configured for root in
+#         ${prefix}/etc/singularity/capability.json
 # - no: no capabilities (same as --no-privs)
 root default capabilities = full
 

diff --git a/etc/conf/testdata/test_2.in b/etc/conf/testdata/test_2.in
@@ -199,10 +199,11 @@ always use nv = no
 
 
 # ROOT DEFAULT CAPABILITIES: [full/file/no]
-# DEFAULT: no
+# DEFAULT: full
 # Define default root capability set kept during runtime
 # - full: keep all capabilities (same as --keep-privs)
-# - file: keep capabilities configured in ${prefix}/etc/singularity/capabilities/user.root
+# - file: keep capabilities configured for root in
+#         ${prefix}/etc/singularity/capability.json
 # - no: no capabilities (same as --no-privs)
 root default capabilities = full
 

diff --git a/etc/conf/testdata/test_2.out.correct b/etc/conf/testdata/test_2.out.correct
@@ -199,10 +199,11 @@ always use nv = no
 
 
 # ROOT DEFAULT CAPABILITIES: [full/file/no]
-# DEFAULT: no
+# DEFAULT: full
 # Define default root capability set kept during runtime
 # - full: keep all capabilities (same as --keep-privs)
-# - file: keep capabilities configured in ${prefix}/etc/singularity/capabilities/user.root
+# - file: keep capabilities configured for root in
+#         ${prefix}/etc/singularity/capability.json
 # - no: no capabilities (same as --no-privs)
 root default capabilities = full
 

diff --git a/etc/conf/testdata/test_3.in b/etc/conf/testdata/test_3.in
@@ -190,10 +190,11 @@ always use nv = no
 
 
 # ROOT DEFAULT CAPABILITIES: [full/file/no]
-# DEFAULT: no
+# DEFAULT: full
 # Define default root capability set kept during runtime
 # - full: keep all capabilities (same as --keep-privs)
-# - file: keep capabilities configured in ${prefix}/etc/singularity/capabilities/user.root
+# - file: keep capabilities configured for root in
+#         ${prefix}/etc/singularity/capability.json
 # - no: no capabilities (same as --no-privs)
 root default capabilities = full
 

diff --git a/etc/conf/testdata/test_3.out.correct b/etc/conf/testdata/test_3.out.correct
@@ -199,10 +199,11 @@ always use nv = no
 
 
 # ROOT DEFAULT CAPABILITIES: [full/file/no]
-# DEFAULT: no
+# DEFAULT: full
 # Define default root capability set kept during runtime
 # - full: keep all capabilities (same as --keep-privs)
-# - file: keep capabilities configured in ${prefix}/etc/singularity/capabilities/user.root
+# - file: keep capabilities configured for root in
+#         ${prefix}/etc/singularity/capability.json
 # - no: no capabilities (same as --no-privs)
 root default capabilities = full
 

diff --git a/etc/conf/testdata/test_default.tmpl b/etc/conf/testdata/test_default.tmpl
@@ -210,10 +210,11 @@ always use nv = {{ if eq .AlwaysUseNv true }}yes{{ else }}no{{ end }}
 
 
 # ROOT DEFAULT CAPABILITIES: [full/file/no]
-# DEFAULT: no
+# DEFAULT: full
 # Define default root capability set kept during runtime
 # - full: keep all capabilities (same as --keep-privs)
-# - file: keep capabilities configured in ${prefix}/etc/singularity/capabilities/user.root
+# - file: keep capabilities configured for root in
+#         ${prefix}/etc/singularity/capability.json
 # - no: no capabilities (same as --no-privs)
 root default capabilities = {{ .RootDefaultCapabilities }}
 

diff --git a/pkg/util/singularityconf/config.go b/pkg/util/singularityconf/config.go
@@ -345,7 +345,8 @@ always use rocm = {{ if eq .AlwaysUseRocm true }}yes{{ else }}no{{ end }}
 # DEFAULT: full
 # Define default root capability set kept during runtime
 # - full: keep all capabilities (same as --keep-privs)
-# - file: keep capabilities configured in ${prefix}/etc/singularity/capabilities/user.root
+# - file: keep capabilities configured for root in
+#         ${prefix}/etc/singularity/capability.json
 # - no: no capabilities (same as --no-privs)
 root default capabilities = {{ .RootDefaultCapabilities }}