Hi All,
I am studying the HTCondor Admin Manual to understand how to set up a cycle-scavenging pool here in Exeter. Since the execute machines are Linux workstations that others have root access to, I wasn’t sure how comfortable folks would be having
“password-less Docker sudo permission to start the container as root.” It seems that running Docker root-less means forfeiting a bunch of the security protocols the engine uses to keep stuff properly contained.
When running a workstation pool using machines owned by others, what are the best practices for running containers because my readings are giving me mixed messages?
Many thanks,
Matt
![[Computer Systems Lab]](https://www-auth.cs.wisc.edu/pics/csl_logo.gif){kind=logo}