[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[HTCondor-users] HTCondor OCI Support?



Dear experts,

reading through the slides from HEPiX:
https://indico.cern.ch/event/676324/contributions/2981843/attachments/1651270/2641144/TannenbaumT_WhatsNew_HEPiX_Spring_2018.pdf
I find a lot of mentioning of Singularity and Docker, but wonder whether it would not be significantly easier
and future-proof to implement OCI support? 
Singularity is also adding OCI compatibility, and Docker already has that with Docker-runc. It would hopefully allow
to get rid of a lot of specialties. 

Any plans on this? 

Also, the talk sadly does not mention that while Singularity can be executed without setuid root on modern OS,
condor_ssh_to_job fails in that environment, and especially interactive jobs are a strong point in the container world. 
It would be nice if there would be a working setup not requiring privileges either in form of a root-owned daemon or setuid root binaries,
and I don't see a hard technical "blocker" for that. 
Having
https://bugzilla.redhat.com/show_bug.cgi?id=1522992 and 
https://bugzilla.mindrot.org/show_bug.cgi?id=2813
solved would certainly help, but one could surely workaround those. 

Cheers,
	Oliver

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature