On 7/1/19 6:11 am, Marcus Wagner wrote:

> But that means the docker container runs outside the cgroup of the slurm job. Thus there exists no restriction to the container, so it can use all resources!
>
> [...]
>
> If this is the case, in my opinion docker cannot be used on shared systems but only on exclusive nodes.

That's correct - because parts of Docker (currently) run as root they can modify cgroups at will and apparently do. This is why things like Shifter, CharlieCloud and Singularity exist to let this happen on HPC systems more safely.

All the best,
Chris
--
 Chris Samuel  :  http://www.csamuel.org/  :  Berkeley, CA, USA
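
One way to check for the situation described in this thread on a compute node, as an added example that is not part of the original messages: it classifies a process from the text of its `/proc/<pid>/cgroup` file. The cgroup path layouts (`job_<id>` directories for Slurm, `/docker/<id>` or `docker-<id>.scope` for Docker) and all sample contents are assumptions constructed for illustration.

```python
import re

# Assumed layouts (not stated in the thread): Slurm puts job processes under
# ".../job_<id>/...", Docker puts containers under "/docker/<id>" (cgroupfs
# driver) or "docker-<id>.scope" (systemd driver).
JOB_RE = re.compile(r"(?:^|/)job_(\d+)(?:/|$)")
DOCKER_RE = re.compile(r"(?:^|/)docker[/-]([0-9a-f]{12,64})")

def parse_cgroup(text):
    """Parse /proc/<pid>/cgroup content into {controller-list: path}."""
    entries = {}
    for line in text.strip().splitlines():
        parts = line.split(":", 2)  # hierarchy-ID:controller-list:path
        if len(parts) == 3:
            entries[parts[1]] = parts[2]
    return entries

def classify(text, controllers=("memory", "cpuset")):
    """Report whether the resource controllers confine a process to one Slurm job."""
    entries = parse_cgroup(text)
    paths = []
    for ctrl in controllers:
        # cgroup v1 has one line per controller set; v2 has a single "0::<path>".
        hit = [p for c, p in entries.items() if ctrl in c.split(",")]
        paths.append(hit[0] if hit else entries.get("", "/"))
    jobs = [JOB_RE.search(p) for p in paths]
    if all(jobs) and len({m.group(1) for m in jobs}) == 1:
        return ("slurm_job", jobs[0].group(1))
    for p in paths:
        m = DOCKER_RE.search(p)
        if m:
            return ("docker", m.group(1)[:12])
    return ("outside_job", None)

# Constructed sample inputs (not captured from a real node).
CID = "ab12cd34" * 8
JOB_STEP = ("11:memory:/slurm/uid_1000/job_4242/step_0/task_0\n"
            "7:cpuset:/slurm/uid_1000/job_4242/step_0\n"
            "1:name=systemd:/system.slice/slurmd.service\n")
CONTAINER = f"11:memory:/docker/{CID}\n7:cpuset:/docker/{CID}\n"
JOB_STEP_V2 = "0::/system.slice/slurmstepd.scope/job_4242/step_0/user/task_0\n"
LOGIN_SHELL = "0::/user.slice/user-1000.slice/session-3.scope\n"

if __name__ == "__main__":
    for name in ("JOB_STEP", "CONTAINER", "JOB_STEP_V2", "LOGIN_SHELL"):
        print(name, classify(globals()[name]))
```

On a live node the input would be the contents of `/proc/<pid>/cgroup` for each process owned by the job's user; a `docker` or `outside_job` result for such a process means the job's limits do not apply to it.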
