ncar / inception Goto Github PK

• Sanitize setuid binaries and any other paths to root
• Write a default configuration
• Optionally copy in any drivers from the host system
  • NVIDIA
  • OFED
• Check permissions

Are you open to use yaml (see example at http://www.yaml.org/start.html) or markdown for the config file, instead of json? If so which one do you prefer? I think yaml is more appropriate, but I'm open to both.
I think json is too verbose to be nice in a config file.

Set instead of a blank environment if the user doesn't ask for something else

Due to the lack of an intermediate representation (pre-chroot filesystem), stacking mounts doesn't work due to the check_path() check. check_path operates on the host path, where the intermediate mount is in the image's tree (inside the namespace)

For example:

from: /tmp
to:/picnic,
from:/picnic
to:/picnic

(assuming /picnic doesn't exist outside the namespace).

This could be solved by presenting the admin with an option to disable the sanity checks. Otherwise, we need to pass the in-image path to check_path() only when we are stacking mounts

This is really only necessary if we assume that the image can't/shouldn't be prepared in advance

I've started an inception=login session on regular queue on Cheyenne, and I need to do some ssh localhost as follows:

csgteam@r9i2n34:~> ls -l /usr/lib64/python2.7/curses/__init__.pyc
-rw-r--r-- 1 root root 1553 Oct 29  2015 /usr/lib64/python2.7/curses/__init__.pyc
csgteam@r9i2n34:~> ssh localhost
csgteam@r9i2n34:~> ls -l /usr/lib64/python2.7/curses/
ls: cannot access /usr/lib64/python2.7/curses/: No such file or directory
csgteam@r9i2n34:~> exit

As you can see, the ssh localhost breaks something in inception and now I'm out of the container (at least disk-wise, I have not tested if I'm totally out of it).

This makes it much clunkier to use the kind of installs which I perform, which always require an ssh to localhost as a way to "clean" the environment.

• should be safe for a regular user to run (perhaps under sudo)

Is there any documentation for using this? I tried the usual place:

inception --help
-c [image_name]
-x #copy environment

and there doesn't seem to be much in the repository after install. I'd like to get a glimpse at how this works before launching on my computer :) Thank you!

Looking at the source code I can't see it, however it would be nice to have it. I remember there was an image for doing X-with-foo, but I don't recall if it was called X-with-foo or x_with_foo or XwithFoo or FooX or whatever.