Has anyone looked at using LXC rather than Docker specifically? From what I understand, it's possible to run unprivileged LXC containers, so no need to be root.
--
*Nathan Harper* // IT Systems Architect
*e:* [email protected] // *t:* 0117 906 1104 // *m:* 07875 510891 // *w:* www.cfms.org.uk
CFMS Services Ltd // Bristol & Bath Science Park // Dirac Crescent // Emersons Green // Bristol // BS16 7FR
CFMS Services Ltd is registered in England and Wales No 05742022 - a subsidiary of CFMS Ltd
CFMS Services Ltd registered office // Victoria House // 51 Victoria Street // Bristol // BS1 6AD

On 5 June 2015 at 10:25, Thomas HAMEL <[email protected]> wrote:
>
> On 06/04/2015 06:52 PM, Christopher Samuel wrote:
> >
> > On 20/05/15 03:15, Kilian Cavalotti wrote:
> >
> >> One major downside to running Docker containers in a shared HPC
> >> cluster (to me at least), is that the default user in a container is
> >> root.
> >
> > One thing that has occurred to me is that the whole point of containers
> > is that they are using the kernel namespace features and so whilst the
> > user inside the container is root that is only inside their own user
> > namespace, that does not (should not!) correspond to root on the host
> > itself (there's a mapping file to determine who they are mapped to).
>
> Docker does not use user namespaces yet, so root inside the container
> is a crippled root but still root:
>
> https://github.com/docker/docker/issues/7906
>
> Regards
>
> --
> Thomas HAMEL
> OVH.com
> +33 1 49 58 45 70
> [email protected]
>
> OVH GS
> 6bis Rue Riquet, 75019 Paris, France
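
Added example, not part of the original thread: the mapping file mentioned above is `/proc/<pid>/uid_map`, and this sketch translates a container UID to the host UID so you can check whether container root is really host root. The helper names and both sample maps are constructed for illustration, and `read_id_map` assumes it is run from the host's initial user namespace.

```python
"""Check which host UID a container's root maps to, using uid_map extents."""
from typing import List, NamedTuple, Optional


class Extent(NamedTuple):
    inside: int   # first ID as seen inside the user namespace
    outside: int  # first ID as seen from the namespace reading the file
    length: int   # number of consecutive IDs covered by this extent


def parse_id_map(text: str) -> List[Extent]:
    """Parse uid_map/gid_map content: one 'inside outside length' per line."""
    extents = []
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        if len(fields) != 3:
            raise ValueError(f"malformed id map line: {line!r}")
        extents.append(Extent(*(int(f) for f in fields)))
    return extents


def to_host_id(extents: List[Extent], inside_id: int) -> Optional[int]:
    """Translate an in-container ID to the outside ID; None if unmapped."""
    for e in extents:
        if e.inside <= inside_id < e.inside + e.length:
            return e.outside + (inside_id - e.inside)
    return None


def root_is_host_root(extents: List[Extent]) -> bool:
    """True when UID 0 in the container is UID 0 outside it."""
    return to_host_id(extents, 0) == 0


def read_id_map(pid: int, kind: str = "uid") -> List[Extent]:
    """Read the live map for a process (assumed: called from the host)."""
    with open(f"/proc/{pid}/{kind}_map") as fh:
        return parse_id_map(fh.read())


# Constructed samples. A process with no user namespace of its own shows the
# identity map; the second map is a typical subordinate-UID range for an
# unprivileged container (the range values are an assumption).
NO_USERNS = "         0          0 4294967295\n"
UNPRIV_LXC = "         0     100000      65536\n"

if __name__ == "__main__":
    for name, sample in (("no userns", NO_USERNS), ("unpriv LXC", UNPRIV_LXC)):
        m = parse_id_map(sample)
        print(name, "-> root maps to", to_host_id(m, 0),
              "| host root:", root_is_host_root(m))
```

On a live host, `root_is_host_root(read_id_map(pid))` for a container's init PID gives the same answer for a running container.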
