Singularity: The Inner Workings of Securely Running User Containers on HPC Systems


Michael Bauer from Sylabs

In this video from FOSDEM’17, Michael Bauer presents: Singularity – The Inner Workings of Securely Running User Containers on HPC Systems.

“Singularity is an open source container solution being developed specifically for HPC environments. With Singularity, HPC users can safely bring their own execution environments to the cluster. Unlike other container solutions, Singularity does not require root level permissions to run containers, which allows users to freely control what software stack they wish to use. Provisioning of a container image can be done locally on the user’s machine or on Singularity Hub. The resulting image can then be securely executed on any machine with Singularity installed. Reproduction of results has never been easier: a user can now share a single Singularity image file that will ensure a consistent execution environment wherever it is run.

This presentation will provide an in-depth look at how Singularity is able to securely run user containers on HPC systems. After a brief introduction to Singularity and its relationship to other container solutions, the details of Singularity’s runtime will be explored. The way that Singularity leverages Linux features such as namespaces, bind mounts, and SUID binaries will be discussed in further detail as well.”

Michael Bauer is a software engineer at Sylabs. Michael is a container expert who was with the Singularity development team for almost two years before the creation of Sylabs: first as an open source contributor, then as a full-time employee at RStor. Michael is currently leading the partial migration of Singularity to Go.
