[Beowulf] Containers in HPC
Alexander Antoniades
sander at columbia.edu
Thu May 23 12:58:49 PDT 2019
Red Hat re-implemented the Docker using the Open Container Spec (which is
as far as I know a standard based on Docker) as a project called CRI-O
https://cri-o.io/ which removes the need for a daemon to run containers and
rectifies a lot of the security concerns by dividing the work of the daemon
into multiple tools. As of RHEL/Centos 7.7 and 8+ they allow for running
containers without root using that tool.
A lot of the security concerns apply more to regular servers which are
running Docker (or others) vs purpose build container hosting servers which
can be stripped down and hardened.
Thanks,
Sander
On Thu, May 23, 2019 at 3:03 PM Jan Wender <j.wender at web.de> wrote:
> Hi,
>
> > Am 23.05.2019 um 15:06 schrieb Gerald Henriksen <ghenriks at gmail.com>:
> >
> > security concerns about Docker
>
> One of the issues is that execution of a Docker container requires to be
> started as root, which can be done for services etc, but not for user
> processes. But I think that Docker is working on changing that requirement.
>
> Best, Jan
> --
> Jan Wender - j.wender at web.de
>
>
> _______________________________________________
> Beowulf mailing list, Beowulf at beowulf.org sponsored by Penguin Computing
> To change your subscription (digest mode or unsubscribe) visit
> https://beowulf.org/cgi-bin/mailman/listinfo/beowulf
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://beowulf.org/pipermail/beowulf/attachments/20190523/aa318438/attachment.html>
More information about the Beowulf
mailing list