Back to Search
Start Over
A fully unprivileged CernVM-FS
- Source :
- EPJ Web of Conferences, Vol 245, p 07012 (2020)
- Publication Year :
- 2020
- Publisher :
- EDP Sciences, 2020.
-
Abstract
- The CernVM File System provides the software and container distribution backbone for most High Energy and Nuclear Physics experiments. It is implemented as a file system in user-space (Fuse) module, which permits its execution without any elevated privileges. Yet, mounting the file system in the first place is handled by a privileged suid helper program that is installed by the Fuse package on most systems. The privileged nature of the mount system call is a serious hindrance to running CernVM-FS on opportunistic resource and supercomputers. Fortunately, recent developments in the Linux kernel and in the Fuse user-space libraries enabled fully unprivileged mounting for Fuse file systems (as of RHEL 8), or at least outsourcing the privileged mount system call to a custom, external process. This opens the door to several, very appealing new ways to use CernVM-FS, such as a generally usable “super pilot” consisting of the pilot code bundled with Singularity and CernVM-FS, or the on-demand instantiation of unprivileged, ephemeral containers to publish new CernVM-FS content from anywhere. In this contribution, we discuss the integration of these new Linux features with CernVM-FS and show some of its most promising, new applications.
Details
- Language :
- English
- ISSN :
- 2100014X
- Volume :
- 245
- Database :
- Directory of Open Access Journals
- Journal :
- EPJ Web of Conferences
- Publication Type :
- Academic Journal
- Accession number :
- edsdoj.81b37b0233774a5281154b09e0ca4772
- Document Type :
- article
- Full Text :
- https://doi.org/10.1051/epjconf/202024507012