[slurm-users] gres with docker problem
Chris Samuel
chris at csamuel.org
Mon Jan 7 07:54:12 MST 2019
On 7/1/19 6:11 am, Marcus Wagner wrote:
> But that means, the docker container runs outside the cgroup of the
> slurm job. Thus there exists no restriction to the container, so it can
> use all resources!
>
[...]
>
> If this is the case, in my opinion docker cannot be used on shared
> systems but only on exclusive nodes.
That's correct - because parts of Docker (currently) run as root they
can modify cgroups at will and apparently do. This is why things like
Shifter, CharlieCloud and Singularity exist to let this happen on HPC
systems more safely.
All the best,
Chris
--
Chris Samuel : http://www.csamuel.org/ : Berkeley, CA, USA
More information about the slurm-users
mailing list