A wrapper for secure running of Docker containers on Slurm
Switch branches/tags
Nothing to show
Clone or download
Latest commit fd4278e Aug 20, 2018


socker: A wrapper for secure running of Docker containers on Slurm


Socker is secure for enabling unprivileged users to run Docker containers. It mainly does two things:


Socker is composed of one binary that is a compiled python script. While system administrators can be members of the docker group, regular users can use Docker via Socker.

Socker operation workflow is below:


  • Install Nuitka with it's prerequisites (python and gcc)
  • Compile socker:
nuitka --recurse-on socker.py
  • Change the owner of the binary to root and enable SUID:
mv socker.exe socker
sudo chown 0:0 socker
sudo chmod +s socker
  • Create a list of authorized images as root (you need to fix the path to the images file in socker before compiting):
sudo vim socker-images
  • Options:
socker --help 

	socker - Secure runner for Docker containers

	socker run <docker-image> <command>

		show the version number and exit
	-h, --help
		show this help message and exit
	-v, --verbose
		run in verbose mode
		List the authorized Docker images (found in socker-images)
		start a container from IMAGE executing COMMAND as the user

	List available images
		$ socker images
	Run a CentOS container and print the system release
		$ socker run centos cat /etc/system-release
	Run the previous command in verbose mode
		$ socker -v run centos cat /etc/system-release

	Contact hpc-drift@usit.uio.no


  • Docker 1.6+
  • You MUST have a group docker and a user dockerroot who is member of ONLY the docker group. The docker run command will be executed as dockerroot. Here is an installation guide for CentOS 6 and BeeGFS
  • Slurm is not a prerequisite, but if you run socker inside a Slurm job, it will put the container under Slurm's control

Support and Bug Reports

Report an issue on the issues section or send an email to azab@usit.uio.no