
Re: [HTCondor-users] set docker user ID




On Jan 18, 2016, at 9:34 AM, Michael V Pelletier <Michael.V.Pelletier@xxxxxxxxxxxx> wrote:

From: Matthias Schnepf <udcqn@xxxxxxxxxxxxxxx>
Date: 01/18/2016 09:27 AM

> My question is: is there an option in HTCondor to set the user ID for
> the docker container?

Your workaround may be the way to go for the moment - looks like they just added user namespaces recently and it will be available in Docker 1.10 slated for next month.

https://integratedcode.us/2015/10/13/user-namespaces-have-arrived-in-docker/


Hi,

User namespaces still tend to be turned off in many distributions: it's a pretty big security change and there's been a lot of road-bumps.

Ubuntu has been the most aggressive in enabling them, leading to the following root-level exploit:


While I really enjoy having them on my development desktop, I suspect it'll take a bit to see them out on clusters.  So, it might be a bit more than a month...

Brian