[Beowulf] Containers in HPC
Jonathan Aquilina
jaquilina at eagleeyet.net
Thu May 23 19:00:29 PDT 2019
When you say stripped down you mean bare essentials in the kernel?
Regards,
Jonathan
From: Beowulf <beowulf-bounces at beowulf.org> On Behalf Of Alexander Antoniades
Sent: 23 May 2019 21:59
To: Jan Wender <j.wender at web.de>
Cc: beowulf at beowulf.org
Subject: Re: [Beowulf] Containers in HPC
Red Hat re-implemented the Docker using the Open Container Spec (which is as far as I know a standard based on Docker) as a project called CRI-O https://cri-o.io/ which removes the need for a daemon to run containers and rectifies a lot of the security concerns by dividing the work of the daemon into multiple tools. As of RHEL/Centos 7.7 and 8+ they allow for running containers without root using that tool.
A lot of the security concerns apply more to regular servers which are running Docker (or others) vs purpose build container hosting servers which can be stripped down and hardened.
Thanks,
Sander
On Thu, May 23, 2019 at 3:03 PM Jan Wender <j.wender at web.de<mailto:j.wender at web.de>> wrote:
Hi,
> Am 23.05.2019 um 15:06 schrieb Gerald Henriksen <ghenriks at gmail.com<mailto:ghenriks at gmail.com>>:
>
> security concerns about Docker
One of the issues is that execution of a Docker container requires to be started as root, which can be done for services etc, but not for user processes. But I think that Docker is working on changing that requirement.
Best, Jan
--
Jan Wender - j.wender at web.de<mailto:j.wender at web.de>
_______________________________________________
Beowulf mailing list, Beowulf at beowulf.org<mailto:Beowulf at beowulf.org> sponsored by Penguin Computing
To change your subscription (digest mode or unsubscribe) visit https://beowulf.org/cgi-bin/mailman/listinfo/beowulf
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://beowulf.org/pipermail/beowulf/attachments/20190524/f357031f/attachment.html>
More information about the Beowulf
mailing list