From f6f4c1ca5a4277e4bd187988fb70c5ac130fcecf Mon Sep 17 00:00:00 2001
From: JosephLalli
Date: Tue, 16 Jan 2024 15:10:52 -0600
Subject: [PATCH] Adding changes from https://github.com/nextflow-io/nextflow/pull/4141

---
 .../main/groovy/nextflow/container/ContainerConfig.groovy | 8 +++++---
 .../main/io/seqera/wave/plugin/cli/WaveDebugCmd.groovy | 2 +-
 2 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/modules/nextflow/src/main/groovy/nextflow/container/ContainerConfig.groovy b/modules/nextflow/src/main/groovy/nextflow/container/ContainerConfig.groovy
index 44cc070156..f32604ff62 100644
--- a/modules/nextflow/src/main/groovy/nextflow/container/ContainerConfig.groovy
+++ b/modules/nextflow/src/main/groovy/nextflow/container/ContainerConfig.groovy
@@ -124,9 +124,11 @@ class ContainerConfig extends LinkedHashMap {
 final eng = getEngine()
 if( !eng )
 return null
- if( eng=='docker' || eng=='podman' )
- return '--rm --privileged'
- if( isSingularityOciMode() )
+ if( eng=='docker' )
+ return '--rm --device /dev/fuse --security-opt apparmor=unconfined --security-opt seccomp=unconfined'
+ if( eng=='podman' )
+ return '--rm --device /dev/fuse'
+ if( singularityOciMode() )
 return '-B /dev/fuse'
 if( eng=='singularity' || eng=='apptainer' )
 return null
diff --git a/plugins/nf-wave/src/main/io/seqera/wave/plugin/cli/WaveDebugCmd.groovy b/plugins/nf-wave/src/main/io/seqera/wave/plugin/cli/WaveDebugCmd.groovy
index fcab901185..57843c25ac 100644
--- a/plugins/nf-wave/src/main/io/seqera/wave/plugin/cli/WaveDebugCmd.groovy
+++ b/plugins/nf-wave/src/main/io/seqera/wave/plugin/cli/WaveDebugCmd.groovy
@@ -118,7 +118,7 @@ class WaveDebugCmd {
 protected WaveRunCmd buildWaveRunCmd(String scheme) {
 final result = new WaveRunCmd(session)
- result.withContainerParams([tty:true, privileged: true])
+ result.withContainerParams([tty:true])
 if( scheme=='s3' ) {
 result.withEnvironment('AWS_ACCESS_KEY_ID')
 result.withEnvironment('AWS_SECRET_ACCESS_KEY')
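Review bot: Running every docker container that takes these defaults with `apparmor=unconfined` and `seccomp=unconfined` removes both the AppArmor profile and the syscall filter, and the docker branch gives no reason why it needs more than the podman branch's `--rm --device /dev/fuse`. That is a narrower grant than the old `--privileged`, but it deserves a comment above the docker return, for example `// /dev/fuse access without --privileged; seccomp and AppArmor are unconfined because <reason>`, with the reason filled in from what was actually tested. Separately, the call changes from `isSingularityOciMode()` to `singularityOciMode()` while the diffstat shows no other edit in this file, so the new name must already exist on the branch this patch lands on; worth confirming, since the change is copied from an upstream pull request. The method body continues past the hunk, so whether a later fallback still returns `--privileged` cannot be seen here.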
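Review bot: With `privileged: true` dropped from `withContainerParams`, the debug container only gets device access if options built elsewhere still pass something like `--device /dev/fuse`, and that dependency is not visible in this hunk. A one-line comment on the changed call would record it, for example `// no privileged mode: device access comes from the container engine options`. If this debug command was used to mount inside the container, a run against both docker and podman would confirm it still works. `buildWaveRunCmd` continues past the end of the hunk.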