singularity icon indicating copy to clipboard operation
singularity copied to clipboard

Published 20 hours ago verified publisher icon sylabs

Non-root / Default Security Profiles

Open dtrudg opened this issue 4 years ago • 0 comments

Describe the solution you'd like SingularityCE can apply security restrictions, such as selinux rules, seccomp filters via a --security flag. However, this only works for root. Since SingularityCE focuse on non-root execution, it would be useful for optional/mandatory profiles to be applied to container runs for non-root users. This would allow security restrictions beyond the usual POSIX permissions to be mandated for container execution. Consider:

  • SElinux
  • Apparmor
  • Seccomp

dtrudg avatar Jun 03 '21 20:06 dtrudg