Close

14 maggio 2020

Rootless containers – UDocker

ROOTLESS CONTAINERS

Rootless containers

Rootless containers refers to the ability for an unprivileged user to create, run and otherwise manage containers

Why rootless containers

  • To mitigate potential vulnerability of container runtimes and orchestrator
  • To allow users of VMs to run containers withouth the risk of breaking other users environments

UDocker

udocker is a basic user tool to execute simple docker containers in user space without requiring root privileges. Enables download and execution of docker containers by non-privileged users in Linux systems where docker is not available.

UDocker advantages

  • Provides a docker like command line interface
  • It doesn’t require docker
  • Supports a subset of docker commands: search, pull, import, export, load, save, create and run
  • Understands docker container metadata
  • Allows loading of docker and OCI containers
  • Can be deployed by the end-user
  • Does not require privileges for installation
  • Does not require privileges for execution
  • Does not require compilation, just transfer the Python script and run
  • Encapsulates several tools and execution methods
  • Includes the required tools already statically compiled to work across systems
  • Tested with GPGPU and MPI applications
  • Runs both on new and older Linux distributions including: CentOS 6, CentOS 7, CentOS 8, Ubuntu 14, Ubuntu 16, Ubuntu 18, Fedora, etc

Install UDocker

You can choose to install UDocker in many ways as they say in the installation guide -> https://github.com/indigo-dc/udocker/blob/master/doc/installation_manual.md

Personally i’ve chosed the tarball way, so the commands are:

  curl https://raw.githubusercontent.com/jorge-lip/udocker-builds/master/tarballs/udocker-1.1.4.tar.gz > udocker-1.1.4.tar.gz
  export UDOCKER_TARBALL=$(pwd)/udocker-1.1.4.tar.gz
  tar xzvf $UDOCKER_TARBALL udocker
  chmod u+rx udocker
  ./udocker install
  mv ./udocker $HOME/bin/   # move the executable to your preferred location for binaries

 

You can now check your udocker installation using:

udocker --version

version: 1.1.4
tarball: /YOUR_PATH/udocker/udocker-1.1.4.tar.gz
tarball_release: 1.1.4

Use UDocker

In this example we assume that you already have a Docker image locally.

 

0. First af all find your Docker image name using:

docker images

1. Export your docker image from Docker

sudo docker save -o {imageName} {imageName}

2. Import your docker image to UDocker

udocker load -i {imageName}

3. Create UDocker container

./udocker create --name={containerName} {imageName}

4. Run UDocker container

udocker run -v /left:/right {containerName}

 


 

Author: Yuri Bacciarini

Info or suggestion to y.bacciarini -at- quidinfo.it

Lascia un commento

Il tuo indirizzo email non sarà pubblicato. I campi obbligatori sono contrassegnati *