On 20/05/15 03:15, Kilian Cavalotti wrote:

> One major downside to running Docker containers in a shared HPC
> cluster (to me at least), is that the default user in a container is
> root.

One thing that has occurred to me is that the whole point of containers is that they are using the kernel namespace features and so whilst the user inside the container is root that is only inside their own user namespace, that does not (should not!) correspond to root on the host itself (there's a mapping file to determine who they are mapped to).

There is an excellent LWN article on user namespaces here:

https://lwn.net/Articles/532593/

Your filesystem has to support it though, otherwise it looks like you'll get EINVAL back - as this comment from a user who was trying it on filesystems not yet ported to it reports:

https://lwn.net/Articles/541787/

All the best,
Chris
-- 
 Christopher Samuel        Senior Systems Administrator
 VLSCI - Victorian Life Sciences Computation Initiative
 Email: [email protected] Phone: +61 (0)3 903 55545
 http://www.vlsci.org.au/      http://twitter.com/vlsci
