-
Notifications
You must be signed in to change notification settings - Fork 130
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
use non-root location #429
Conversation
change to use a non-root location to help with singularity
@@ -25,7 +25,7 @@ dependencies: | |||
test: | |||
override: | |||
# Test mriqcp | |||
- docker run -i -v /etc/localtime:/etc/localtime:ro -v ${CIRCLE_TEST_REPORTS}:/scratch -w /root/src/mriqc --entrypoint="/usr/bin/run_tests" mriqc:py35 : | |||
- docker run -i -v /etc/localtime:/etc/localtime:ro -v ${CIRCLE_TEST_REPORTS}:/scratch -w /opt/src/mriqc --entrypoint="/usr/bin/run_tests" mriqc:py35 : |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@oesteban - do you want the workdir to be /src/mriqc or sth like /workdir ?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't have a preference, it is ok right now
Interesting. Does Singularity mount /root on your system?
…On Mar 15, 2017 8:35 AM, "Oscar Esteban" ***@***.***> wrote:
***@***.**** commented on this pull request.
------------------------------
In circle.yml
<#429 (comment)>:
> @@ -25,7 +25,7 @@ dependencies:
test:
override:
# Test mriqcp
- - docker run -i -v /etc/localtime:/etc/localtime:ro -v ${CIRCLE_TEST_REPORTS}:/scratch -w /root/src/mriqc --entrypoint="/usr/bin/run_tests" mriqc:py35 :
+ - docker run -i -v /etc/localtime:/etc/localtime:ro -v ${CIRCLE_TEST_REPORTS}:/scratch -w /opt/src/mriqc --entrypoint="/usr/bin/run_tests" mriqc:py35 :
I don't have a preference, it is ok right now
—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub
<#429 (comment)>, or mute
the thread
<https://github.com/notifications/unsubscribe-auth/AAOkp0K0h01hr-dfmzJyTnSkGQbw9tf0ks5rmAVTgaJpZM4MeAns>
.
|
singularity shows a root folder but as a user we don't have access. |
So this is more of permissions issue then. MRIQC operates under root user so even if you put the code in /opt it might not solve the issue. Both docker2singularity and docker2singularity.py change permissions when importing containers from docker hub to avoid such problems. |
the docker user doesn't matter in singularity context, but |
Doesn't Dockerfile user influence the ownership of files in the container image deposited on Docker Hub which would be a problem when those files are downloaded by singularity? |
not really, because we are using singularity as an executable effectively, so as long as things are readable we are ok. now if you try to write to some location that's not accessible to the user, they one can run into issues, but containers should be very clear as to where they are writing. |
Sorry to drag this on. I'm still trying to understand this since a) we did not run into this problem when running mriqc with singularity b) I need to know if we need to change anything about BIDS Apps.
|
re: 1 essentially host also for docker images, i just learned that %setup executes before downloading docker layers, so i can't use it (at least presently) to even move the src out. re: 2 well one can violate singularity's isolation using paths and other things. so we generally recommend the |
re re 1
This seem like something that could be improved in the singularity
bootstrap process
re re 2
From what I understand `-c` "disables the automatic sharing of writable
filesystems on your host" and should not influence how
environment variables are taken care of.
For example:
[chrisgor@sherlock-ln02 login_node ~]$ export TEST="bla"
[chrisgor@sherlock-ln02 login_node ~]$ singularity shell -c
/share/PI/russpold/s
ingularity_images/poldracklab_fmriprep_0.2.0-2017-01-13-d683f2e7a780.img
Singularity: Invoking an interactive shell within container...
Singularity.poldracklab_fmriprep_0.2.0-2017-01-13-d683f2e7a780.img> $ echo
$TEST
bla
This also makes me wonder how are you reading/writing data if you are using
-c.
…On Wed, Mar 15, 2017 at 1:44 PM, Satrajit Ghosh ***@***.***> wrote:
re: 1
/root is special with respect to bootstrap. since all creation/editing
commands are run as root
essentially host /root gets mounted in during bootstrap. therefore /root
from the container doesn't show up during the bootstrap post process.
also for docker images, i just learned that %setup executes before
downloading docker layers, so i can't use it (at least presently) to even
move the src out.
re: 2
well one can violate singularity's isolation using paths and other things.
so we generally recommend the -c flag by default to prevent things like
PYTHONPATH and external executables from contaminating the environment. we
create the mental image of an immutable binary file.
—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub
<#429 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/AAOkp-2GWNrpVeWsKXIdJEs262usw0SRks5rmE2TgaJpZM4MeAns>
.
|
re: 1 - yes it will be handled post 2.3 release re: 2 - you can still use i agree variables will go through but are likely to have less impact without |
change to use a non-root location to help with singularity