Containarium

Patch release for v0.16.0.

Fixed

• Jump server account missing sudoers entry (internal/container/jump_server.go, PR #101) — CreateJumpServerAccount (the path used when the daemon auto-creates a container's host user — manager.go, cmd/create.go, collaborator.go, cmd/recover.go, cmd/sync_accounts.go) wrote useradd and the SSH key but never wrote /etc/sudoers.d/containarium-<user>. The user's containarium-shell then hit a password prompt on every SSH because sudo incus exec had no NOPASSWD rule. EnsureJumpServerAccount already had the sudoers write; this brings the primary path to parity.

Symptom

ssh <user> returned [sudo] password for <user>: and hung. Caught on lab pool with newly-created hsinho and jyunfan containers; test01 worked because it had been bootstrapped via setup-peer-user.sh, which writes the sudoers entry directly.

Upgrade

Drop in the new binary and restart the daemon:

sudo curl -sL https://github.com/FootprintAI/Containarium/releases/download/v0.16.1/containarium-linux-amd64 -o /usr/local/bin/containarium
sudo chmod +x /usr/local/bin/containarium
sudo systemctl restart containarium

Existing broken users

Host users created by a pre-v0.16.1 daemon stay broken until either:

• the operator writes the sudoers file manually:

  echo "<user> ALL=(root) NOPASSWD: /usr/bin/incus" | sudo tee /etc/sudoers.d/containarium-<user>
  sudo chmod 440 /etc/sudoers.d/containarium-<user>
  

• or the daemon recreates them (e.g., container delete + recreate).

The new binary only fixes future container creations; it does not retroactively patch existing host users.