Singularity

Cite

FOSDEM VZW

Bauer, Michael

Formal Metadata

Title

Singularity

Subtitle

The Inner Workings of Securely Running User Containers on HPC Systems

Title of Series

FOSDEM 2017

Number of Parts

611

Author

Bauer, Michael

License

CC Attribution 2.0 Belgium:
You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor.

Identifiers

10.5446/42337 (DOI)

Publisher

FOSDEM VZW

Release Date

2018

Language

English

Production Year

2017

Content Metadata

Subject Area

Computer Science

Genre

Conference/Talk

Abstract

Singularity is an open source container solution being developed specificallyfor HPC environments. With Singularity, HPC users can safely bring their ownexecution environments to the cluster. Unlike other container solutions,Singularity does not require root level permissions to run containers, whichallows users to freely control what software stack they wish to use.Provisioning of a container image can be done locally on the user's machine oron Singularity Hub. The resulting image can then be securely executed on anymachine with Singularity installed. Reproduction of results has never beeneasier: a user can now share a single Singularity image file that will ensurea consistent execution environment wherever it is run. This presentation will provide an in-depth look at how Singularity is able tosecurely run user containers on HPC systems. After a brief introduction toSingularity and its relationship to other container solutions, the details ofSingularity's runtime will be explored. The way that Singularity leveragesLinux features such as namespaces, bind mounts, and SUID binaries will bediscussed in further detail as well. Singularity is an open source container solution being developed specificallyfor HPC environments. With Singularity, HPC users can safely bring their ownexecution environments to the cluster. Unlike other container solutions,Singularity does not require root level permissions to run containers, whichallows users to freely control what software stack they wish to use.Provisioning of a container image can be done locally on the user's machine oron Singularity Hub. The resulting image can then be securely executed on anymachine with Singularity installed. Reproduction of results has never beeneasier: a user can now share a single Singularity image file that will ensurea consistent execution environment wherever it is run. This presentation will provide an in-depth look at how Singularity is able tosecurely run user containers on HPC systems. After a brief introduction toSingularity and its relationship to other container solutions, the details ofSingularity's runtime will be explored. The way that Singularity leveragesLinux features such as namespaces, bind mounts, and SUID binaries will bediscussed in further detail as well.