Charliecloud: Unprivileged Containers for User-Defined
Software Stacks in HPC
SessionSoftware for HPC Facilities
Authors
Event Type
Paper
System Software
TimeWednesday, November 15th2pm -
2:30pm
Location405-406-407
DescriptionSupercomputing centers are seeing increasing demand for
user-defined software stacks (UDSS) instead of or in
addition to the stack provided by the center. These UDSS
support user needs such as complex dependencies or build
requirements, externally required configurations,
portability, and consistency. The challenge for centers
is to provide these services in a usable manner while
minimizing the risks: security, support burden, missing
functionality, and performance. We present Charliecloud,
which uses the Linux user and mount namespaces to run
industry-standard Docker containers with no privileged
operations or daemons on center resources. Our simple
approach avoids most security risks while maintaining
access to the performance and functionality already on
offer, doing so in just 800 lines of code. Charliecloud
promises to bring an industry-standard UDSS user
workflow to existing, minimally altered HPC
resources.
Download PDF:
here
