Skip to the content.

width:1000px

udocker - be anywhere

Advanced technical details

https://github.com/indigo-dc/udocker

Mario David david@lip.pt Jorge Gomes jorge@lip.pt

width:150px width:1200px


Programing languages and OS


Components


udocker: Execution engines - I

udocker supports several techniques to achieve the equivalent to a chroot without using privileges, to execute containers.

They are selected per container id via execution modes.


udocker: Execution engines - II

Mode Base Description
P1 PRoot PTRACE accelerated (with SECCOMP filtering): DEFAULT
P2 PRoot PTRACE non-accelerated (without SECCOMP filtering)
R1 runC/Crun rootless unprivileged using user namespaces
R2 runC/Crun rootless unprivileged using user namespaces + P1
R3 runC/Crun rootless unprivileged using user namespaces + P2
F1 Fakechroot with loader as argument and LD_LIBRARY_PATH
F2 Fakechroot with modified loader, loader as argument and LD_LIBRARY_PATH
F3 Fakechroot modified loader and ELF headers of binaries + libs changed
F4 Fakechroot modified loader and ELF headers dynamically changed
S1 Singularity where locally installed using chroot or user namespaces

udocker: PRoot engine (P1 and P2)


udocker: PRoot engine (P1)


udocker: PRoot engine (P2)


udocker: runC/crun engine (R1) - I


udocker: runC/crun engine (R1) - II


udocker: runC/crun engine (R2 and R3)

udocker run  -v /tmp myContainerId

udocker: Fakechroot engine - I


udocker: Fakechroot engine - II


udocker: Fakechroot engine - III


udocker: Fakechroot engine (F1) - I


udocker: Fakechroot engine (F1) - II


udocker: Fakechroot engine (F2) - I


udocker: Fakechroot engine (F2) - II


udocker: Fakechroot engine (F3 and F4) - I


udocker: Fakechroot engine (F3 and F4) - II


udocker: Fakechroot engine (F3 and F4) - III


Thank you!

Questions ?

udocker@lip.pt

width:200px width:1200px