(PP08): Rootless Containers with Udocker
System Software & Runtime Systems
TimeTuesday, June 18th3:15pm - 3:45pm
Descriptionudocker (https://github.com/indigo-dc/udocker) is a tool that addresses the problematic of executing Linux containers in user space, i.e. without installing additional system software, without requiring administrative privileges and in a way that respects resource usage policies, accounting and process controls. udocker empowers users to execute applications encapsulated in containers easily in any Linux system including computing clusters.
udocker implements a subset of Docker commands aimed at searching, pulling, importing, loading and executing containers. The self installation allows a user to transfer udocker and execute it to pull the required tools and libraries. All required binary tools and libraries are provided with udocker and compilation is not required. udocker is an integration tool that incorporates several execution methods giving the user the best possible options to run their containers according to the host capabilities. Several interchangeable execution modes are available, that exploit different technologies and tools, enabling udocker to run in older and newer Linux distributions. Currently udocker supports four modes: system call interception and pathname rewriting via PTRACE, dynamic library call interception and pathname rewriting via shared library preload, Linux unprivileged namespaces via runC, and also Singularity where available. Each approach has its own advantages and limitations, and therefore an integration tool offers flexibility and freedom of choice to adapt to the application and host characteristics.
udocker is been successfully used to support execution of HTC, HPC and GPGPU based applications in many datacenters and infrastructures, and has more than 500 stars on github.