Revision 1 (Peter Amstutz, 03/22/2017 06:18 PM) → Revision 2/3 (Peter Amstutz, 03/22/2017 06:22 PM)
h1. Privileged containers
Proposal: admins can submit containers that run with elevated privileges. This will allow certain operations, such as Docker-in-Docker, that are disallowed with normal container privileges. For example, migrating Docker images relies on Docker-in-Docker (by installing Docker 1.9, loading the image, upgrading Docker, and then exporting the upgraded image). It may be easier for users to run a compute job than to run an admin script.
h2. Design
In the container request:
<pre>
"runtime_constraints": {
  "privileged": true
}
</pre>
The effective user associated with the container request must be an admin; otherwise the container request will be rejected.
crunch-run executes the container with "Privileged: true".
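A sketch of the admission check described above, added here as an illustration and not taken from the Arvados code base. The names @check_privileged@, @PrivilegeError@ and the @User@ struct are hypothetical, the sample requests are constructed, and it goes one step beyond the text by rejecting non-boolean values of "privileged" so the flag fails closed.

```ruby
require 'json'

# Hypothetical error type for a rejected container request.
class PrivilegeError < StandardError; end

# Hypothetical stand-in for the effective user; only the admin flag matters.
User = Struct.new(:name, :is_admin)

# Returns true if the request may run privileged, false if it runs with
# normal privileges; raises PrivilegeError if it must be rejected.
def check_privileged(request_json, effective_user)
  constraints = JSON.parse(request_json).fetch("runtime_constraints", {})
  unless constraints.is_a?(Hash)
    raise PrivilegeError, "runtime_constraints must be an object"
  end
  flag = constraints.fetch("privileged", false)
  # Fail closed: accept only JSON booleans, so "true", 1 or null are
  # never coerced into a privileged run by a later component.
  unless flag == true || flag == false
    raise PrivilegeError, "privileged must be a JSON boolean"
  end
  return false unless flag
  # The design requires the effective user of the request to be an admin.
  unless effective_user && effective_user.is_admin == true
    raise PrivilegeError, "privileged containers require an admin user"
  end
  true
end

# Convenience wrapper: true when the request would be rejected.
def rejected?(request_json, user)
  check_privileged(request_json, user)
  false
rescue PrivilegeError
  true
end

# Constructed sample requests and users.
PRIV_REQ   = '{"runtime_constraints": {"privileged": true}}'
PLAIN_REQ  = '{"runtime_constraints": {"vcpus": 1}}'
STRING_REQ = '{"runtime_constraints": {"privileged": "true"}}'
ADMIN = User.new("admin", true)
ALICE = User.new("alice", false)

puts "admin, privileged:   allowed=#{check_privileged(PRIV_REQ, ADMIN)}"
puts "alice, privileged:   rejected=#{rejected?(PRIV_REQ, ALICE)}"
puts "admin, string value: rejected=#{rejected?(STRING_REQ, ADMIN)}"
```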