Hi, indeed singularity works (with some care). If they upload to dockerhub they can use singularity directly too. ATLAS users develop on their laptops and then upload to dockerhub (or gitlab) and other users can get things from there. For example singularity -s exec -C --pwd /data -B $PWD:/data docker://lukasheinrich/toyanalysis /code/run_analysis.sh 404958 recast_sample 0.00122 /data/test.root /data/workdir 30.0 is a test I'm doing to get these user containers to run on the grid. The image is not mine. SKA develops directly in singularity and use singularity hub to do similar things. cheers alessandra On 24/09/2018 16:56, Kashif Mohammad wrote: > > Hi Alessandra > > The user in our case wants to make some physics analysis fully > reproducible so it can be used at other sites/users. It’s a kind of > development work. I think the problem is that once we allow an user to > run a random image then we cannot control what they are running inside > the docker. > > At the moment the request is to run on interactive machine but I won’t > be surprised if someone will be asking to run on batch system in few > months’ time. > > Singularity looks like an option if user is willing to look into it. > > Thanks > > Kashif > > *From:*Testbed Support for GridPP member institutes > <[log in to unmask]> *On Behalf Of *Alessandra Forti > *Sent:* 24 September 2018 15:25 > *To:* [log in to unmask] > *Subject:* Re: Docker on shared interactive machine > > Sorry... it doesn't. Users can build docker images using the gitlab CI > and for some reason I thought they could use them on lxplus. > > On 24/09/2018 15:11, Alessandra Forti wrote: > > PS CERN has docker on lxplus. > > On 24/09/2018 15:07, Alessandra Forti wrote: > > Hi, > > don't higher privileges depend on what the user does in the > image? If he does normal application things he doesn't really > need higher privileges. i.e. in normal mode they cannot start > services but can run their applications and mount directories. > > cheers > alessandra > > On 24/09/2018 14:36, Kashif Mohammad wrote: > > Hi > > One of our local user wants to run docker on shared > interactive server. Docker can be run by normal user but > user has to be added to dockerroot group which has higher > privilege. I am tempted to refuse this request as > interactive machine has many mounted file system etc. > > But before refusing I thought that I should take second > opinion. Is anyone allowing users to run docker on shared > machines or is there way to run docker in more secure manner? > > Cheers > > Kashif > > ------------------------------------------------------------------------ > > To unsubscribe from the TB-SUPPORT list, click the > following link: > https://www.jiscmail.ac.uk/cgi-bin/webadmin?SUBED1=TB-SUPPORT&A=1 > > > > > -- > > Respect is a rational process. \\// > > For Ur-Fascism, disagreement is treason. (U. Eco) > > ------------------------------------------------------------------------ > > To unsubscribe from the TB-SUPPORT list, click the following link: > https://www.jiscmail.ac.uk/cgi-bin/webadmin?SUBED1=TB-SUPPORT&A=1 > > > > -- > > Respect is a rational process. \\// > > For Ur-Fascism, disagreement is treason. (U. Eco) > > ------------------------------------------------------------------------ > > To unsubscribe from the TB-SUPPORT list, click the following link: > https://www.jiscmail.ac.uk/cgi-bin/webadmin?SUBED1=TB-SUPPORT&A=1 > > > > -- > Respect is a rational process. \\// > For Ur-Fascism, disagreement is treason. (U. Eco) > > ------------------------------------------------------------------------ > > To unsubscribe from the TB-SUPPORT list, click the following link: > https://www.jiscmail.ac.uk/cgi-bin/webadmin?SUBED1=TB-SUPPORT&A=1 > > > ------------------------------------------------------------------------ > > To unsubscribe from the TB-SUPPORT list, click the following link: > https://www.jiscmail.ac.uk/cgi-bin/webadmin?SUBED1=TB-SUPPORT&A=1 > -- Respect is a rational process. \\// For Ur-Fascism, disagreement is treason. (U. Eco) ######################################################################## To unsubscribe from the TB-SUPPORT list, click the following link: https://www.jiscmail.ac.uk/cgi-bin/webadmin?SUBED1=TB-SUPPORT&A=1