Is there a way to run Singularity tasks as non root and still have access to sandbox

Question

Is there a way to run Singularity tasks as non root and still have access to sandbox

mikebell90 opened this issue 5 years ago · 6 comments

I'm wondering if there's a knob somewhere to make the sandbox accessible to the uid or globally (obviously the last is worse)

Answer 1 · 2019-11-20T05:52:00.000Z

Basically the question is how to set a mode/user for the sandbox?

Answer 2 · 2019-11-20T13:37:42.000Z

MESOS-8332 was the update that changed the sandbox permissions. As far as I know there is not a mesos input or flag to change the sandbox permissions per task. We do a little munging in the SingularityExecutor depending on how the users are setup (with our executor can either run the whole thing as a user, or run as root and have executor switch user, we munge sandbox permissions for the second of those), because we ran into a similar problem after that upgrade.

What version are you on and are you using the default mesos executor or the Singularity one?

Answer 3 · 2019-11-20T15:15:47.000Z

I believe we are on singularity .23 though it might be .22. We use the default mesos executor . I’m gleaning you are saying yes there might be a way but only on singularity executor

Answer 4 · 2019-11-20T15:19:29.000Z

hmm, the default mesos slave + executor should already be setting the permissions correctly for a non-root user to utilize the sandbox. What mesos version as well?

Answer 5 · 2019-11-21T13:52:49.000Z

I’ll try to check tomorrow thanks

Answer 6 · 2020-02-25T21:02:12.000Z

Wasn't able to get this working, but we no longer need this so clearing your board.