github.com/apptainer/singularity@v3.1.1+incompatible/internal/pkg/syecl/syecl.toml.example

github.com/apptainer/singularity@v3.1.1+incompatible/internal/pkg/syecl/syecl.toml.example (about)

     1  # Singularity Execution Control List config file
     2  #
     3  # This file describes execution groups in which SIF files are checked for
     4  # authorized loading/execution. The decision is made by validating both the
     5  # location of the sif file in the file system and by checking against a list of
     6  # signing entities.
     7  #
     8  # The current possible list modes are: whitelist, whitestrict and blacklist.
     9  #
    10  # Example:
    11  #
    12  #activated = true
    13  #
    14  #[[execgroup]]
    15  #  tagname = "group1"
    16  #  mode = "whitestrict"
    17  #  dirpath = "/var/cache/containers"
    18  #  keyfp = ["5994BE54C31CF1B5E1994F987C52CF6D055F072B","7064B1D6EFF01B1262FED3F03581D99FE87EAFD1"]
    19  #
    20  #[[execgroup]]
    21  #  tagname = "group2"
    22  #  mode = "whitelist"
    23  #  dirpath = "/tmp/containers"
    24  #  keyfp = ["7064B1D6EFF01B1262FED3F03581D99FE87EAFD1"]
    25  #
    26  # The above example defines 2 execution groups (dirpath: /var/cache/containers
    27  # and /tmp/containers), in which only SIF files signed with both Key IDs
    28  # 055F072B and E87EAFD1 may run if started from /var/cache/containers and only
    29  # SIF files signed with Key ID E87EAFD1 may run if started from /tmp/containers.
    30  #
    31  
    32  activated = false