Singularity

Zitieren

FOSDEM VZW

Bauer, Michael

Formale Metadaten

Titel

Singularity

Untertitel

The Inner Workings of Securely Running User Containers on HPC Systems

Serientitel

FOSDEM 2017

Anzahl der Teile

611

Autor

Bauer, Michael

Lizenz

CC-Namensnennung 2.0 Belgien:
Sie dürfen das Werk bzw. den Inhalt zu jedem legalen Zweck nutzen, verändern und in unveränderter oder veränderter Form vervielfältigen, verbreiten und öffentlich zugänglich machen, sofern Sie den Namen des Autors/Rechteinhabers in der von ihm festgelegten Weise nennen.

Identifikatoren

10.5446/42337 (DOI)

Herausgeber

FOSDEM VZW

Erscheinungsjahr

2018

Sprache

Englisch

Produktionsjahr

2017

Inhaltliche Metadaten

Fachgebiet

Informatik

Genre

Konferenz/Talk

Abstract

Singularity is an open source container solution being developed specificallyfor HPC environments. With Singularity, HPC users can safely bring their ownexecution environments to the cluster. Unlike other container solutions,Singularity does not require root level permissions to run containers, whichallows users to freely control what software stack they wish to use.Provisioning of a container image can be done locally on the user's machine oron Singularity Hub. The resulting image can then be securely executed on anymachine with Singularity installed. Reproduction of results has never beeneasier: a user can now share a single Singularity image file that will ensurea consistent execution environment wherever it is run. This presentation will provide an in-depth look at how Singularity is able tosecurely run user containers on HPC systems. After a brief introduction toSingularity and its relationship to other container solutions, the details ofSingularity's runtime will be explored. The way that Singularity leveragesLinux features such as namespaces, bind mounts, and SUID binaries will bediscussed in further detail as well. Singularity is an open source container solution being developed specificallyfor HPC environments. With Singularity, HPC users can safely bring their ownexecution environments to the cluster. Unlike other container solutions,Singularity does not require root level permissions to run containers, whichallows users to freely control what software stack they wish to use.Provisioning of a container image can be done locally on the user's machine oron Singularity Hub. The resulting image can then be securely executed on anymachine with Singularity installed. Reproduction of results has never beeneasier: a user can now share a single Singularity image file that will ensurea consistent execution environment wherever it is run. This presentation will provide an in-depth look at how Singularity is able tosecurely run user containers on HPC systems. After a brief introduction toSingularity and its relationship to other container solutions, the details ofSingularity's runtime will be explored. The way that Singularity leveragesLinux features such as namespaces, bind mounts, and SUID binaries will bediscussed in further detail as well.