Is there a “multi-user” Docker mode, e.g. for scientific clusters?

盖世英雄少女心 2021-02-06 03:24

I want to use Docker for isolating scientific applications for use in an HPC Unix cluster. Scientific software often has exotic dependencies so isolating them with Docker app

5 answers
  •  眼角桃花
    2021-02-06 04:15

    I'm also interested in this possibility with Docker, for similar reasons. There are a few problems I can think of:

    1. The Docker Daemon runs as root, providing anyone in the docker group with effective host root permissions (e.g. leak permissions by mounting host / dir as root).
    2. Multi-user isolation, as mentioned
    3. Not sure how well this will play with any existing load balancers?

    I came across Shifter, which may be worth a look and partly solves #1: http://www.nersc.gov/research-and-development/user-defined-images/

    Also I know there is discussion to use kernel user namespaces to provide mapping container:root --> host:non-privileged user but I'm not sure if this is happening or not.
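
Added example, not part of the original answer: a Python check for the two points raised above, listing who holds root-equivalent access through the `docker` group and computing which host uid container root runs as under Docker's `userns-remap` daemon option. The `/etc/group`, `/etc/subuid` and `daemon.json` contents and all account names are constructed samples, and subordinate ranges are assumed to be keyed by account name.

```python
import json

# Constructed sample inputs (not from the original post); on a real host these
# would be the contents of /etc/group, /etc/subuid and /etc/docker/daemon.json.
ETC_GROUP = "root:x:0:\ndocker:x:998:alice,bob\nhpcusers:x:1500:alice,bob,carol\n"
ETC_SUBUID = "dockremap:100000:65536\nalice:165536:65536\n"
DAEMON_JSON = '{"userns-remap": "default"}'


def docker_group_members(group_text):
    """Accounts that can talk to the root-owned daemon via the docker group."""
    for line in group_text.splitlines():
        fields = line.split(":")
        if len(fields) == 4 and fields[0] == "docker":
            return sorted(m for m in fields[3].split(",") if m)
    return []


def remap_range(daemon_text, subuid_text):
    """Return (first_host_uid, count) used for remapping, or None if disabled."""
    owner = json.loads(daemon_text or "{}").get("userns-remap")
    if not owner:
        return None
    # "default" makes Docker use the dockremap account's subordinate range;
    # a "user:group" value is reduced to its user part.
    owner = "dockremap" if owner == "default" else owner.split(":")[0]
    for line in subuid_text.splitlines():
        parts = line.split(":")
        if len(parts) == 3 and parts[0] == owner:
            return int(parts[1]), int(parts[2])
    raise LookupError(f"no /etc/subuid entry for {owner}")


def host_uid(container_uid, rng):
    """Host uid a container uid runs as; without remapping they are identical."""
    if rng is None:
        return container_uid
    start, count = rng
    if not 0 <= container_uid < count:
        raise ValueError("container uid outside the mapped range")
    return start + container_uid


if __name__ == "__main__":
    # Group membership is reported regardless of remapping: access to the
    # daemon socket is the privilege being audited.
    print("docker group (root-equivalent):", docker_group_members(ETC_GROUP))
    for cfg in ("{}", DAEMON_JSON):
        rng = remap_range(cfg, ETC_SUBUID)
        print(f"daemon.json={cfg}: container uid 0 -> host uid {host_uid(0, rng)}")
```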
