Two package flavors are available, standard and hardened. As a rule of thumb, the hardened flavor will be slightly more secure but will suffer from a larger overhead.
The table below describes each package flavor and their characteristics:
Flavor | Package | Description |
---|---|---|
Standard | enroot |
Main utility, helper binaries and standard configuration files.
|
enroot+caps |
Grants extra capabilities to unprivileged users which allows them to import and convert container images. |
|
Hardened | enroot-hardened |
Main utility, helper binaries and standard configuration files. |
enroot-hardened+caps |
Grants extra capabilities to unprivileged users which allows them to import and convert container images. |
# Debian-based distributions
arch=$(dpkg --print-architecture)
curl -fSsL -O https://github.com/NVIDIA/enroot/releases/download/v3.4.1/enroot_3.4.1-1_${arch}.deb
curl -fSsL -O https://github.com/NVIDIA/enroot/releases/download/v3.4.1/enroot+caps_3.4.1-1_${arch}.deb # optional
sudo apt install -y ./*.deb
# RHEL-based distributions
arch=$(uname -m)
sudo dnf install -y epel-release # required on some distributions
sudo dnf install -y https://github.com/NVIDIA/enroot/releases/download/v3.4.1/enroot-3.4.1-1.el8.${arch}.rpm
sudo dnf install -y https://github.com/NVIDIA/enroot/releases/download/v3.4.1/enroot+caps-3.4.1-1.el8.${arch}.rpm # optional
# Debian-based distributions
arch=$(dpkg --print-architecture)
curl -fSsL -O https://github.com/NVIDIA/enroot/releases/download/v3.4.1/enroot-hardened_3.4.1-1_${arch}.deb
curl -fSsL -O https://github.com/NVIDIA/enroot/releases/download/v3.4.1/enroot-hardened+caps_3.4.1-1_${arch}.deb # optional
sudo apt install -y ./*.deb
# RHEL-based distributions
arch=$(uname -m)
sudo dnf install -y epel-release # required on some distributions
sudo dnf install -y https://github.com/NVIDIA/enroot/releases/download/v3.4.1/enroot-hardened-3.4.1-1.el8.${arch}.rpm
sudo dnf install -y https://github.com/NVIDIA/enroot/releases/download/v3.4.1/enroot-hardened+caps-3.4.1-1.el8.${arch}.rpm # optional
Install the build dependencies and clone the repository:
# Debian-based distributions
sudo apt install -y git gcc make libcap2-bin libtool automake libmd-dev
# RHEL-based distributions:
sudo dnf install -y git gcc make libcap libtool automake libmd-devel
# Archlinux-based distributions:
sudo pacman --noconfirm -S git gcc make libtool automake libmd
git clone --recurse-submodules https://github.com/NVIDIA/enroot.git
Install the runtime dependencies:
# Debian-based distributions
sudo apt install -y curl gawk jq squashfs-tools parallel
sudo apt install -y fuse-overlayfs libnvidia-container-tools pigz squashfuse # optional
# RHEL-based distributions
sudo dnf install -y epel-release # required on some distributions
sudo dnf install -y jq squashfs-tools parallel
sudo dnf install -y fuse-overlayfs libnvidia-container-tools pigz squashfuse # optional
# Archlinux-based distributions
sudo pacman --noconfirm -S jq parallel squashfs-tools
sudo pacman --noconfirm -S fuse-overlayfs libnvidia-container-tools pigz squashfuse # optional
Build and install Enroot:
cd enroot
sudo make install
In order to allow unprivileged users to import images:
sudo make setcap