Post-installation actions

Review permissions required by Sarus

During execution

  • Sarus must run as a root-owned SUID executable and be able to achieve full root privileges to perform mounts and create namespaces.

  • Write/read permissions to the Sarus’s centralized repository. The system administrator can configure the repository’s location through the centralizedRepositoryDir entry in sarus.json.

  • Write/read permissions to the users’ local image repositories. The system administrator can configure the repositories location through the localRepositoryBaseDir entry in sarus.json.

Load required kernel modules

If the kernel modules listed in Requirements are not loaded automatically by the system, remember to load them manually:

sudo modprobe loop
sudo modprobe squashfs
sudo modprobe overlay

Automatic update of Sarus’ passwd cache

When executing the configure_installation script, the passwd and group information are copied and cached into <sarus install prefix>/etc/passwd and <sarus install prefix>/etc/group respectively. The cache allows to bypass the host’s passwd/group database, e.g. LDAP, which could be tricky to configure and access from the container. However, since the cache is created/updated only once at installation time, it can quickly get out-of-sync with the actual passwd/group information of the system. A possible solution is to periodically run a cron job to refresh the cache. E.g. a cron job and a script like the ones below would do:

$ crontab -l
5 0 * * *
$ cat


/usr/bin/getent passwd > <sarus install prefix>/etc/passwd
/usr/bin/getent group  > <sarus install prefix>/etc/group