Merge pull request #264 from DrDaveD/unprivileged-build-encrypted

encrypted containers can be built unprivileged
apptainer · Mar 12, 2024 · 1b8e551 · 1b8e551
2 parents 1ce5318 + ab9c040
commit 1b8e551
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 7 deletions.
diff --git a/index.rst b/index.rst
@@ -44,11 +44,9 @@ Container Signing & Encryption
 
 {Project} allows containers to be signed using a PGP key. The
 signature travels with the container image, allowing you to verify that
-the image is unmodified at any time. Encryption of containers using
-LUKS2 is also supported. Encrypted containers can be run without
+the image is unmodified at any time. Encryption of containers
+is also supported. Encrypted containers can be run without
 decrypting them to disk first.
-Using encrypted containers currently requires a setuid installation of
-{Project}.
 
 .. toctree::
    :maxdepth: 1

diff --git a/security_options.rst b/security_options.rst
@@ -107,9 +107,8 @@ this keyword.
 Building encrypted containers
 *****************************
 
-With {aProject} setuid installation it is possible to build and run
-encrypted containers.
-The containers are decrypted at runtime entirely in kernel space, meaning
+{Project} can build and run encrypted containers.
+The containers are decrypted at runtime entirely in memory, meaning
 that no intermediate decrypted data is ever present on disk. See
 :ref:`encrypted containers <encryption>` for more details.