Container use for users not in the lxd group? And authorization

I work at a research institution and we’ve recently run into a number of cases where specific user groups are wanting to analyze data governed by a CDCP (Confidential Data Control Plan). This basically means that they are guaranteeing that no one outside of a designated group will have any access to this data. The analysis involves ML using GPUs on multi-user linux machines also used by users not covered under the CDCP. So this seems like an ideal use case for an LXD container. What I know I can do now is add authorized researchers to the lxd group on this machine (and no one else), create a passthrough for the desired number of GPUs, and create individual user accounts in the container. They can then copy the data over to the container as an encrypted file, loop mount it in the container, and then work on the data privately. What’s not convenient about having all the researchers in the lxd group is that any of these users can then do anything, including connecting to the container as another authorized user or root, since lxd exec -- su -l user1 doesn’t require authentication, so there’s nothing stopping user2 from connecting as user1. Not a deal killer, just not ideal. Here is what would be ideal, though, moving forward since we seem to be seeing more and more of these CDCP restricted data sets:

  • I or some other sys admin is the only member of the lxd group and users defined in the container can still connect to the container via authentication against /etc/passwd or LDAP using /etc/security/access.conf restrictions and giving only a subset of users sudo access for installing packages, code, and models.
  • Alternatively, just having the ability to require user authentication to connect to the container so that users are constrained to using their own container accounts would be helpful.
  • Absolute best would be the ability to have different LXD container groups with different authorization regimes, so we can set this up for different user groups with different confidential data sets simultaneously.

I’m trying to understand if there is any way to do this or if it’s simply impossible, and why it’s impossible.

Here’s a video on how to deal with multi-user systems:

Thank you!