{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,14]],"date-time":"2026-02-14T10:35:28Z","timestamp":1771065328810,"version":"3.50.1"},"publisher-location":"New York, NY, USA","reference-count":40,"publisher":"ACM","license":[{"start":{"date-parts":[[2017,11,12]],"date-time":"2017-11-12T00:00:00Z","timestamp":1510444800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"DOI":"10.13039\/100000015","name":"U.S. Department of Energy","doi-asserted-by":"publisher","id":[{"id":"10.13039\/100000015","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2017,11,12]]},"DOI":"10.1145\/3126908.3126925","type":"proceedings-article","created":{"date-parts":[[2017,11,8]],"date-time":"2017-11-08T21:02:30Z","timestamp":1510174950000},"page":"1-10","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":93,"title":["Charliecloud"],"prefix":"10.1145","author":[{"given":"Reid","family":"Priedhorsky","sequence":"first","affiliation":[{"name":"High Performance Computing Division"}]},{"given":"Tim","family":"Randles","sequence":"additional","affiliation":[{"name":"High Performance Computing Division"}]}],"member":"320","published-online":{"date-parts":[[2017,11,12]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"Amazon Web Services Inc. 2015. An introduction to high performance computing on AWS. White paper. Amazon Web Services Inc. https:\/\/d0.awsstatic.com\/whitepapers\/Intro_to_HPC_on_AWS.pdf Amazon Web Services Inc. 2015. An introduction to high performance computing on AWS. White paper. Amazon Web Services Inc. https:\/\/d0.awsstatic.com\/whitepapers\/Intro_to_HPC_on_AWS.pdf"},{"key":"e_1_3_2_1_2_1","unstructured":"Evan Andersen. 2016. How Nvidia breaks Chrome incognito. (Jan. 2016). https:\/\/charliehorse55.wordpress.com\/2016\/01\/09\/how-nvidia-breaks-chrome-incognito\/ Evan Andersen. 2016. How Nvidia breaks Chrome incognito. (Jan. 2016). https:\/\/charliehorse55.wordpress.com\/2016\/01\/09\/how-nvidia-breaks-chrome-incognito\/"},{"key":"e_1_3_2_1_3_1","unstructured":"Diego Calleja. 2013. Linux 3.8. (April 2013). http:\/\/kernelnewbies.org\/Linux_3.8 Diego Calleja. 2013. Linux 3.8. (April 2013). http:\/\/kernelnewbies.org\/Linux_3.8"},{"key":"e_1_3_2_1_4_1","volume-title":"Setuid Demystified. In USENIX Security Symposium. http:\/\/crypto.stanford.edu\/cs155\/papers\/setuid-usenix02","author":"Chen Hao","year":"2002"},{"key":"e_1_3_2_1_5_1","unstructured":"CoreOS Inc. 2017. rkt 1.25.0 documentation. (2017). https:\/\/coreos.com\/rkt\/docs\/1.25.0\/ CoreOS Inc. 2017. rkt 1.25.0 documentation. (2017). https:\/\/coreos.com\/rkt\/docs\/1.25.0\/"},{"key":"e_1_3_2_1_6_1","unstructured":"Docker Inc. 2016. Dockerfile reference. Documentation. Docker Inc. https:\/\/docs.docker.com\/engine\/reference\/builder\/ Docker Inc. 2016. Dockerfile reference. Documentation. Docker Inc. https:\/\/docs.docker.com\/engine\/reference\/builder\/"},{"key":"e_1_3_2_1_7_1","unstructured":"Docker Inc. 2017. Docker Docs. Documentation. Docker Inc. https:\/\/docs.docker.com Docker Inc. 2017. Docker Docs. Documentation. Docker Inc. https:\/\/docs.docker.com"},{"key":"e_1_3_2_1_8_1","volume-title":"USENIX System Administration Conference. http:\/\/modules.sourceforge.net\/docs\/absmod.pdf","author":"John"},{"key":"e_1_3_2_1_9_1","unstructured":"Tyler Hicks. 2017. CVE-2017-7184: kernel: Local privilege escalation in XFRM framework. (March 2017). http:\/\/seclists.org\/oss-sec\/2017\/q1\/689 Tyler Hicks. 2017. CVE-2017-7184: kernel: Local privilege escalation in XFRM framework. (March 2017). http:\/\/seclists.org\/oss-sec\/2017\/q1\/689"},{"key":"e_1_3_2_1_10_1","unstructured":"Solomon Hykes. 2015. Introducing runC: A lightweight universal container runtime. (June 2015). https:\/\/blog.docker.com\/2015\/06\/runc Solomon Hykes. 2015. Introducing runC: A lightweight universal container runtime. (June 2015). https:\/\/blog.docker.com\/2015\/06\/runc"},{"key":"e_1_3_2_1_11_1","unstructured":"Intel Corporation 2016. Intel\u00ae MPI benchmarks: User guide and methodology description. Documentation. Intel Corporation. https:\/\/software.intel.com\/sites\/default\/files\/managed\/66\/e8\/IMB_Users_Guide.pdf Intel Corporation 2016. Intel \u00ae MPI benchmarks: User guide and methodology description. Documentation. Intel Corporation. https:\/\/software.intel.com\/sites\/default\/files\/managed\/66\/e8\/IMB_Users_Guide.pdf"},{"key":"e_1_3_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1109\/CloudCom.2010.69"},{"key":"e_1_3_2_1_13_1","unstructured":"Doug Jacobsen and Shane Canon. 2015. Contain this unleashing Docker for HPC. (May 2015). http:\/\/www.nersc.gov\/assets\/Uploads\/nersc-brownbag-docker-jacobsen-canon.pdf Doug Jacobsen and Shane Canon. 2015. Contain this unleashing Docker for HPC. (May 2015). http:\/\/www.nersc.gov\/assets\/Uploads\/nersc-brownbag-docker-jacobsen-canon.pdf"},{"key":"e_1_3_2_1_14_1","unstructured":"Douglas M. Jacobsen and Richard Shane Canon. 2015. Contain this unleashing Docker for HPC. In Cray User Group. http:\/\/www.nersc.gov\/assets\/Uploads\/cug2015udi.pdf Douglas M. Jacobsen and Richard Shane Canon. 2015. Contain this unleashing Docker for HPC. In Cray User Group. http:\/\/www.nersc.gov\/assets\/Uploads\/cug2015udi.pdf"},{"key":"e_1_3_2_1_15_1","volume-title":"Ottawa Linux Symposium (OLS). https:\/\/www.kernel.org\/doc\/ols\/2010\/ols2010-pages-109-120","author":"Jujjuri Venkateswararao","year":"2010"},{"key":"e_1_3_2_1_16_1","unstructured":"Michael Kerrisk. 2013. Namespaces in operation part 1: Namespaces overview. Linux Weekly News (Jan. 2013). https:\/\/lwn.net\/Articles\/531114\/ Michael Kerrisk. 2013. Namespaces in operation part 1: Namespaces overview. Linux Weekly News (Jan. 2013). https:\/\/lwn.net\/Articles\/531114\/"},{"key":"e_1_3_2_1_17_1","unstructured":"Michael Kerrisk. 2013. Namespaces in operation part 5: User namespaces. Linux Weekly News (Feb. 2013). https:\/\/lwn.net\/Articles\/532593\/ Michael Kerrisk. 2013. Namespaces in operation part 5: User namespaces. Linux Weekly News (Feb. 2013). https:\/\/lwn.net\/Articles\/532593\/"},{"key":"e_1_3_2_1_18_1","unstructured":"Michael Kerrisk et al. 2015. pid_namespaces(7). Man page. http:\/\/man7.org\/linux\/man-pages\/man7\/pid_namespaces.7.html Michael Kerrisk et al. 2015. pid_namespaces(7). Man page. http:\/\/man7.org\/linux\/man-pages\/man7\/pid_namespaces.7.html"},{"key":"e_1_3_2_1_19_1","doi-asserted-by":"crossref","unstructured":"Michael Kerrisk et al. 2016. chroot(2). Man page. http:\/\/man7.org\/linux\/man-pages\/man2\/chroot.2.html Michael Kerrisk et al. 2016. chroot(2). Man page. http:\/\/man7.org\/linux\/man-pages\/man2\/chroot.2.html","DOI":"10.1109\/MSMC.2016.2564778"},{"key":"e_1_3_2_1_20_1","unstructured":"Michael Kerrisk et al. 2016. clone(2). Man page. http:\/\/man7.org\/linux\/man-pages\/man2\/clone.2.html Michael Kerrisk et al. 2016. clone(2). Man page. http:\/\/man7.org\/linux\/man-pages\/man2\/clone.2.html"},{"key":"e_1_3_2_1_21_1","unstructured":"Michael Kerrisk et al. 2016. namespaces(7). Man page. http:\/\/man7.org\/linux\/man-pages\/man7\/namespaces.7.html Michael Kerrisk et al. 2016. namespaces(7). Man page. http:\/\/man7.org\/linux\/man-pages\/man7\/namespaces.7.html"},{"key":"e_1_3_2_1_22_1","doi-asserted-by":"crossref","unstructured":"Michael Kerrisk et al. 2016. setns(2). Man page. http:\/\/man7.org\/linux\/man-pages\/man2\/setns.2.html Michael Kerrisk et al. 2016. setns(2). Man page. http:\/\/man7.org\/linux\/man-pages\/man2\/setns.2.html","DOI":"10.1109\/MSMC.2016.2564778"},{"key":"e_1_3_2_1_23_1","doi-asserted-by":"crossref","unstructured":"Michael Kerrisk et al. 2016. unshare(2). Man page. http:\/\/man7.org\/linux\/man-pages\/man2\/unshare.2.html Michael Kerrisk et al. 2016. unshare(2). Man page. http:\/\/man7.org\/linux\/man-pages\/man2\/unshare.2.html","DOI":"10.1109\/MSMC.2016.2564778"},{"key":"e_1_3_2_1_24_1","unstructured":"Michael Kerrisk et al. 2016. user_namespaces(7). Man page. http:\/\/man7.org\/linux\/man-pages\/man7\/user_namespaces.7.html Michael Kerrisk et al. 2016. user_namespaces(7). Man page. http:\/\/man7.org\/linux\/man-pages\/man7\/user_namespaces.7.html"},{"key":"e_1_3_2_1_25_1","unstructured":"Gregory M. Kurtzer. 2016. Singularity. (July 2016). http:\/\/singularity.lbl.gov\/ Gregory M. Kurtzer. 2016. Singularity. (July 2016). http:\/\/singularity.lbl.gov\/"},{"key":"e_1_3_2_1_26_1","doi-asserted-by":"crossref","unstructured":"Ning Liu Jason Cope Philip Carns Christopher Carothers Robert Ross Gary Grider Adam Crume and Carlos Maltzahn. 2012. On the role of burst buffers in leadership-class storage systems. In Mass Storage Systems and Technologies (MSST). Ning Liu Jason Cope Philip Carns Christopher Carothers Robert Ross Gary Grider Adam Crume and Carlos Maltzahn. 2012. On the role of burst buffers in leadership-class storage systems. In Mass Storage Systems and Technologies (MSST).","DOI":"10.1109\/MSST.2012.6232369"},{"key":"e_1_3_2_1_27_1","unstructured":"Scott Lowe. 2009. What is SR-IOV? (Dec. 2009). http:\/\/blog.scottlowe.org\/2009\/12\/02\/what-is-sr-iov\/ Scott Lowe. 2009. What is SR-IOV? (Dec. 2009). http:\/\/blog.scottlowe.org\/2009\/12\/02\/what-is-sr-iov\/"},{"key":"e_1_3_2_1_28_1","article-title":"UNIX time-sharing system","volume":"67","author":"McIlroy Doug","year":"1978","journal-title":"Foreword. Bell System Technical Journal"},{"key":"e_1_3_2_1_29_1","unstructured":"Open Container Initiative 2016. About. Mission statement. Open Container Initiative. https:\/\/www.opencontainers.org\/about Open Container Initiative 2016. About. Mission statement. Open Container Initiative. https:\/\/www.opencontainers.org\/about"},{"key":"e_1_3_2_1_30_1","unstructured":"Larry Pezzaglia. 2012. CHOS in production. (April 2012). https:\/\/www.nersc.gov\/assets\/pubs_presos\/chos.pdf Larry Pezzaglia. 2012. CHOS in production. (April 2012). https:\/\/www.nersc.gov\/assets\/pubs_presos\/chos.pdf"},{"key":"e_1_3_2_1_31_1","unstructured":"Red Hat Inc. 2016. CVE-2016-10208. (Nov. 2016). https:\/\/access.redhat.com\/security\/cve\/cve-2016-10208 Red Hat Inc. 2016. CVE-2016-10208. (Nov. 2016). https:\/\/access.redhat.com\/security\/cve\/cve-2016-10208"},{"key":"e_1_3_2_1_32_1","unstructured":"Reventlov. 2015. Using the docker command to root the host (totally not a security issue). (April 2015). http:\/\/reventlov.com\/advisories\/using-the-docker-command-to-root-the-host Reventlov. 2015. Using the docker command to root the host (totally not a security issue). (April 2015). http:\/\/reventlov.com\/advisories\/using-the-docker-command-to-root-the-host"},{"key":"e_1_3_2_1_33_1","unstructured":"Rami Rosen. 2016. Namespaces and cgroups the basis of Linux containers. (Feb. 2016). http:\/\/www.netdevconf.org\/1.1\/proceedings\/slides\/rosen-namespaces-cgroups-lxc.pdf Rami Rosen. 2016. Namespaces and cgroups the basis of Linux containers. (Feb. 2016). http:\/\/www.netdevconf.org\/1.1\/proceedings\/slides\/rosen-namespaces-cgroups-lxc.pdf"},{"key":"e_1_3_2_1_34_1","doi-asserted-by":"crossref","unstructured":"Cristian Ruiz Emmanuel Jeanvoine and Lucas Nussbaum. 2015. Performance evaluation of containers for HPC. In Euro-Par 2015: Parallel Processing Workshops. Cristian Ruiz Emmanuel Jeanvoine and Lucas Nussbaum. 2015. Performance evaluation of containers for HPC. In Euro-Par 2015: Parallel Processing Workshops.","DOI":"10.1007\/978-3-319-27308-2_65"},{"key":"e_1_3_2_1_35_1","doi-asserted-by":"publisher","DOI":"10.1145\/361011.361067"},{"key":"e_1_3_2_1_36_1","unstructured":"Simes. 2002. How to break out of a chroot() jail. (May 2002). https:\/\/web.archive.org\/web\/20160209154009\/http:\/\/www.bpfh.net\/simes\/computing\/chroot-break.html Simes. 2002. How to break out of a chroot() jail. (May 2002). https:\/\/web.archive.org\/web\/20160209154009\/http:\/\/www.bpfh.net\/simes\/computing\/chroot-break.html"},{"key":"e_1_3_2_1_37_1","unstructured":"Robert Swiecki. 2016. NsJail. (Dec. 2016). https:\/\/google.github.io\/nsjail\/ Robert Swiecki. 2016. NsJail. (Dec. 2016). https:\/\/google.github.io\/nsjail\/"},{"key":"e_1_3_2_1_38_1","unstructured":"systemd contributors. 2017. systemd-nspawn. Man page. https:\/\/www.freedesktop.org\/software\/systemd\/man\/systemd-nspawn.html systemd contributors. 2017. systemd-nspawn. Man page. https:\/\/www.freedesktop.org\/software\/systemd\/man\/systemd-nspawn.html"},{"key":"e_1_3_2_1_39_1","unstructured":"Wikipedia editors. 2016. Virtualization. (Feb. 2016). https:\/\/en.wikipedia.org\/w\/index.php?title=Virtualization&oldid=704408822 Wikipedia editors. 2016. Virtualization. (Feb. 2016). https:\/\/en.wikipedia.org\/w\/index.php?title=Virtualization&oldid=704408822"},{"key":"e_1_3_2_1_40_1","doi-asserted-by":"publisher","DOI":"10.1109\/PDP.2013.41"}],"event":{"name":"SC '17: The International Conference for High Performance Computing, Networking, Storage and Analysis","location":"Denver Colorado","acronym":"SC '17","sponsor":["SIGHPC ACM Special Interest Group on High Performance Computing, Special Interest Group on High Performance Computing","IEEE CS"]},"container-title":["Proceedings of the International Conference for High Performance Computing, Networking, Storage and Analysis"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3126908.3126925","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3126908.3126925","content-type":"application\/pdf","content-version":"vor","intended-application":"syndication"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3126908.3126925","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,26]],"date-time":"2025-06-26T23:03:08Z","timestamp":1750978988000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3126908.3126925"}},"subtitle":["unprivileged containers for user-defined software stacks in HPC"],"short-title":[],"issued":{"date-parts":[[2017,11,12]]},"references-count":40,"alternative-id":["10.1145\/3126908.3126925","10.1145\/3126908"],"URL":"https:\/\/doi.org\/10.1145\/3126908.3126925","relation":{},"subject":[],"published":{"date-parts":[[2017,11,12]]},"assertion":[{"value":"2017-11-12","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}