[Beowulf] Containers in HPC
Jonathan Aquilina
jaquilina at eagleeyet.net
Thu May 23 20:41:11 PDT 2019
You mention moving data to storage; how is Fedora's Gnome desktop edition going to achieve that? Won't one need to use some sort of block storage on AWS, Google Cloud, Azure, or host your own setup in house?
-----Original Message-----
From: Beowulf <beowulf-bounces at beowulf.org> On Behalf Of Gerald Henriksen
Sent: 23 May 2019 15:07
To: beowulf at beowulf.org
Subject: Re: [Beowulf] Containers in HPC
On Thu, 23 May 2019 12:35:13 +0000, you wrote:
>Thanks for the great explanation and clarification. Another question that stems from the below: what mechanisms exist in terms of security for the containers to be as secure as a VM?
I know there have been security concerns about Docker (what most people think of when they talk about containers these days), though I am not sure what exactly they are.
They obviously won't be as secure as a VM as they are sharing the underlying kernel and perhaps a few system libraries, so if a different container somehow finds a way to compromise the kernel (maybe not so theoretical in the current Intel era) then there will be the possibility of at least getting at any system calls any other containers make to the kernel.
And at least Docker containers also have the issue that they typically don't have permanent storage so you need to move any data you want to keep out of the container prior to killing the container.
Despite that, they have a lot of advantages, and for example Fedora has a project called Silverblue to create a new version of their Gnome Desktop edition using containers instead of traditional rpm packages, and this is partly due to the containers' additional security over a traditionally installed application (for example, the ability to restrict access to the underlying filesystem).