Open ids1024 opened 4 years ago
Another solution, which seems attractive at first glance: Podman. It runs without a daemon and prioritizes support for rootless mode, while being compatible with docker images and providing a docker-compatible CLI. So if it works well with the official tensorflow images, it should allow for an experience close to Rustup, without any security concerns.
Plus, the name matches nicely with "Tensorman".
It's in the repos for Fedora and CentOS, but not Debian/Ubuntu. So we would have to package it.
Edit: For example, you can run `podman run -it tensorflow/tensorflow:latest python`.
It looks like Podman is included in the Universe repository for Ubuntu 20.10 Groovy, so perhaps if it works without issue, tensorman can use Podman in Pop!_OS 20.10.
Requirements for this:
- `podman` command instead of `docker`. In principle, nothing more is needed, since Podman aims to provide a compatible CLI.
- … `docker` instead. I'd probably provide at least an undocumented command-line argument for setting the docker/podman command name to use.

It may be worth it to backport podman to 20.04 because we'll be supporting 20.04 for quite a while.
Tensorman can use podman in place of docker using https://github.com/pop-os/tensorman/pull/24 with `--docker-cmd podman`. Except for GPU support (which is rather essential): `--gpus=all`, which doesn't work in podman, and passing it results in an error. Just not passing this when using Podman solves this.
It seems like tensorman is expected to be run by a user in the `docker` group. This group is considered fairly problematic if handy, and isn't supported on Red Hat due to security concerns, supposing this post is still accurate. The problem is that being a member of the `docker` group can be used to gain root access to the host system.

If I'm not mistaken, this makes tensorman unsuitable for use in applications where a non-administrator user should be able to use TensorFlow, which presumably is desirable for some organizations. Even for a user in `sudoers`, having a means to acquire root access without entering a password is problematic.

We inherit this issue from Docker, but if the goal is to wrap it and make it easier to work with, it would be good to address this. I see a few possible solutions:
- … `docker` group, separate from the CLI

The daemon or SUID binary would be a pain to deal with, and raise their own challenges to keep secure. Rootless mode is very attractive, and would allow everything to run under the user's account, just like Rustup. I'm not sure if the Tensorflow images would run well without issue in it, since it is experimental and somewhat limited.