Skip to content

Latest commit

 

History

History
57 lines (42 loc) · 1.93 KB

requirements.md

File metadata and controls

57 lines (42 loc) · 1.93 KB

Requirements

The list of prerequisites for running Enroot is described below.

You can automatically check these by running the enroot-check bundle for a given release:

$ curl -fSsL -O https://github.com/NVIDIA/enroot/releases/download/v3.5.0/enroot-check_3.5.0_$(uname -m).run
$ chmod +x enroot-check_*.run

$ ./enroot-check_*.run --verify

$ ./enroot-check_*.run
Bundle ran successfully!

Kernel version

Linux Kernel >= 3.10

Kernel configuration

The following kernel configuration options must be enabled:

  • CONFIG_NAMESPACES

  • CONFIG_USER_NS

  • CONFIG_SECCOMP_FILTER

  • In order to import Docker images or use enroot-mksquashovlfs

    • CONFIG_OVERLAY_FS
  • In order to run containers with a glibc <= 2.13

    • CONFIG_X86_VSYSCALL_EMULATION
    • CONFIG_VSYSCALL_EMULATE (recommended) or CONFIG_VSYSCALL_NATIVE (or vsycall=... see below)

Kernel command line

The following kernel command line parameters must be set:

  • In order to run containers with a glibc <= 2.13

    • vsyscall=emulate (recommended) or vsyscall=native
  • On RHEL-based distributions

    • namespace.unpriv_enable=1
    • user_namespace.enable=1

Kernel settings

The following kernel settings must be set accordingly:

  • Linux 4.9 onwards

    • /proc/sys/user/max_user_namespaces must be greater than 1
    • /proc/sys/user/max_mnt_namespaces must be greater than 1
  • On some distributions (e.g. Archlinux-based, Debian-based)

    • /proc/sys/kernel/unprivileged_userns_clone must be enabled (equal to 1)
  • On some distributions (e.g. Ubuntu-based)

    • /proc/sys/kernel/apparmor_restrict_unprivileged_userns must be disabled (equal to 0) unless {datadir}/enroot/apparmor.profile is installed

GPU support (optional)