SC24 Home
Close

Presentation

Zero-Consistency Root Emulation for Unprivileged Container Build
SessionCANOPIE-HPC: 6th International Workshop on Containers and New Orchestration Paradigms for Isolated Environments in HPC
DescriptionDo Linux distribution package managers need the privileged operations they request to actually happen? Apparently not, at least when building container images for HPC applications. We use this observation to implement a root emulation mode using a Linux seccomp filter that intercepts some privileged system calls, does nothing, and returns success to the calling program. This approach provides no consistency whatsoever but appears sufficient to build a wide selection of Dockerfiles, including one that Docker itself cannot build, simplifying fully-unprivileged workflows needed for HPC application containers.
Author/Presenters
Reid Priedhorsky
Los Alamos National Laboratory (LANL)
Michael Jennings
Los Alamos National Laboratory (LANL)
Megan Phinney
Los Alamos National Laboratory (LANL)
Event Type
Workshop
TimeSunday, 17 November 20242:30pm - 3pm EST
LocationB313
Tags
Cloud Computing
Middleware and System Software
State of the Practice
Registration Categories
W
Archive view
Next PresentationNext Presentation
Afternoon Break
Similar Presentations
Containerized Checkpoint-Restart Mechanisms for HPC
Comparative Analysis of a Containerized Compilation Process Versus Bare-Metal Compilation Runs
Deploying Containers on Secure HPC Systems