Shane Canon

@DrDaveD I don't think this is anything we are explicitly doing in Shifter. I think the kernel doesn't allow it for some reason. But I'm not 100% certain.

I'm not certain but I think this may be the reason... From the unshare manpage... EPERM (since Linux 3.9) CLONE_NEWUSER was specified in flags and the caller is in a...

Shifter does use the mount namespace in the case where you don't use the WLM integration (which is how I was testing it). This could be a side effect of...

@DrDaveD I'll take a look. It may take me a bit to set up a test instance, but I'll try to experiment and reply.

Nikita, The latest updates added an option to use some external tools from the broader OCI community to handle pulling and unpacking images. This may be a more robust way...

Here is the documentation on the external mode option.... https://github.com/NERSC/shifter/blob/master/doc/skopeo.rst

We have a similar need. This overlaps a little with #4579. It would be useful if the submit-docker was parameterized similar to how it is for some of the other...