• Brian presented his ongoing work on Singularity as a potential solution for isolation (see slides):
  • Provides isolation (no traceability), already has enough features to replace glexec
  • Integrated with other systems: HTCondor, OSG VO, SLURM (Singularity 2.3.0)
    • Running Singularity in Singularity is not possible (due to SUID filtering)
  • OSG working on officially supporting Singularity in ~June 2017, aiming at replacing glexec (if agreed to by stakeholders)
• Singularity appears to the WG as the current best solution and is now evaluating it (upcoming actions):
  • Security reviews (due to SUID):
    • Brian did not get it accepted for review (external company doing reviews for OSG), will push it again next quarter
    • Maarteen and Vincent will follow-up with EGI
  • Testing:
    • Vincent to follow-up with the CERN site, to see if a small dedicated HTCondor cluster could have Singularity installed
    • Vincent? to follow-up with CernVM to have Singularity installed (without SUID)