Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/unioslo/socker
A wrapper for secure running of Docker containers on Slurm
https://github.com/unioslo/socker
Last synced: 26 days ago
JSON representation
A wrapper for secure running of Docker containers on Slurm
- Host: GitHub
- URL: https://github.com/unioslo/socker
- Owner: unioslo
- License: other
- Created: 2016-11-24T13:03:01.000Z (about 8 years ago)
- Default Branch: master
- Last Pushed: 2018-08-20T10:33:31.000Z (over 6 years ago)
- Last Synced: 2024-08-03T15:06:03.214Z (4 months ago)
- Language: Python
- Size: 1.18 MB
- Stars: 25
- Watchers: 12
- Forks: 3
- Open Issues: 2
-
Metadata Files:
- Readme: README.md
- License: LICENSE.md
Awesome Lists containing this project
- my-awesome - socker - :white_check_mark: A wrapper for secure running of Docker containers on Slurm (Demo/Inspiration/Interesting)
README
# socker: A wrapper for secure running of Docker containers on [Slurm](https://slurm.schedmd.com/)
Introduction
-------------
Socker is secure for enabling unprivileged users to run Docker containers. It mainly does two things:
* It enforces running containers within as the user not as root
* When it is called inside a Slurm job, it enforces the inclusion of containers in the [cgroups assigned by Slurm to the parent jobs](https://slurm.schedmd.com/cgroups.html)
Design
-------
Socker is composed of one binary that is a compiled python script. While system administrators can be members of the ``docker`` group, regular users can use Docker via Socker.
Socker operation workflow is below:
Usage
-------
* Install [Nuitka](http://nuitka.net/) with it's prerequisites (python and gcc)
* Compile socker:
```
nuitka --recurse-on socker.py
```
* Change the owner of the binary to root and enable SUID:
```bash
mv socker.exe socker
sudo chown 0:0 socker
sudo chmod +s socker
```
* Create a list of authorized images as root (you need to fix the path to the images file in socker before compiting):
```bash
sudo vim socker-images
```
* Options:
```bash
socker --help
NAME
socker - Secure runner for Docker containers
SYNOPSIS
socker run
OPTIONS
--version
show the version number and exit
-h, --help
show this help message and exit
-v, --verbose
run in verbose mode
images
List the authorized Docker images (found in socker-images)
run IMAGE COMMAND
start a container from IMAGE executing COMMAND as the user
EXAMPLES
List available images
$ socker images
Run a CentOS container and print the system release
$ socker run centos cat /etc/system-release
Run the previous command in verbose mode
$ socker -v run centos cat /etc/system-release
SUPPORT
Contact [email protected]
```
Prerequisites
--------------
* Docker 1.6+
* You MUST have a group ``docker`` and a user ``dockerroot`` who is member of ONLY the ``docker`` group. The ``docker run`` command will be executed as ``dockerroot``. [Here](https://github.com/unioslo/socker/blob/master/install-docker-centos6-beegfs.md) is an installation guide for CentOS 6 and BeeGFS
* Slurm is not a prerequisite, but if you run socker inside a Slurm job, it will put the container under Slurm's control
Support and Bug Reports
-------------------------------
Report an issue on the [issues](https://github.com/unioslo/socker/issues) section or send an email to [email protected]