’Docker-like’ mode #75

Closed
dtrudg opened this issue Jun 3, 2021 · 0 comments · Fixed by #235
dtrudg commented Jun 3, 2021

Is your feature request related to a problem? Please describe.
Users may run docker:// containers, be surprised when the lack of $HOME isolation etc. impacts behavior, and not understand which flags are needed to resolve issues.

Describe the solution you'd like
By default, SingularityCE runs containers far less isolated from the host than Docker - relying on system restrictions on the user. This is very convenient for traditional HPC-like jobs, but some Docker containers can have conflicts with files and other things that enter the container from the host. We have a number of flags such as --contain to work around this, but it’s often unclear which are needed. A shortcut to apply the most ‘docker-like’, but practical configuration would be useful.

Describe alternatives you've considered
Documentation improvements could assist the issue by providing better guidance, but a single flag for Docker-like behavior is a more accessible solution.

dtrudg added the enhancement (New feature or request) label Jun 3, 2021
dtrudg added the roadmap (Features / changes that are scheduled to be implemented) label Jul 2, 2021
dtrudg added this to the SingularityCE 3.9.0 milestone Jul 2, 2021
dtrudg self-assigned this Jul 2, 2021
dtrudg referenced this issue in dtrudg/singularity Aug 11, 2021
It is common for users to run docker containers that expect more
isolation than is default in Singularity, and that can create files on
startup. This is a simple short-hand to enable `--contain-all,
--no-init, --no-umask, --writable-tmpfs`. These options give the best
chance of an OCI/Docker container working as expected but *without*
requiring the user/uts/net namespaces that we can't rely on in all
installations / configurations of SingularityCE.

Fixes: #75
DrDaveD pushed a commit to DrDaveD/singularity that referenced this issue Oct 6, 2021
It is common for users to run docker containers that expect more
isolation than is default in Singularity, and that can create files on
startup. This is a simple short-hand to enable `--contain-all,
--no-init, --no-umask, --writable-tmpfs`. These options give the best
chance of an OCI/Docker container working as expected but *without*
requiring the user/uts/net namespaces that we can't rely on in all
installations / configurations of Singularity.

Fixes: sylabs/singularity#75
DrDaveD pushed a commit to DrDaveD/singularity that referenced this issue Oct 8, 2021