# Managing Container Images with Enroot

Unlike traditional container engines, Enroot runs entirely in user space with no privileged daemons or root access required, making it ideal for multi-tenant and secure compute environments.

Enroot executes standard **Docker or OCI images** as unprivileged user processes, unpacking each image into an isolated filesystem that can be shared across nodes.\
It preserves direct access to GPUs, high-speed interconnects, and local storage, ensuring your jobs run efficiently within containers.

You don’t need to run Enroot commands directly; TensorWave Slurm handles that automatically through **Pyxis**, which integrates Enroot with familiar Slurm tools like `srun` and `sbatch`. See the [Running Containerized Jobs in Pyxis](/slurm/running-containerized-jobs-in-pyxis.md) page for info on how to run containerized workloads.\
Together, they allow you to launch containerized jobs using the same workflow you already know, with the added benefits of portability and reproducibility.

***

#### **Optional: Importing an Image with Enroot**

Although Pyxis automatically handles Enroot under the hood, you can manually import container images for debugging or pre-caching.

Due to Kubernetes security-permissioning constraints on the login pods, container image management has to happen on the worker pods. This means operations including `docker build`, `docker pull`, and `enroot import` must happen in a Slurm-job context.

So, to build a `.sqsh` image locally, run `docker build` and `enroot import` with `srun`:

```bash
IMG="<repo>:<tag>"
# srun command to 'build' and 'import' $IMG
srun --pty -N1 bash -c "docker build -f <dockerfile> -t $IMG . && enroot import dockerd://$IMG"
```
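
The command above splices `$IMG` into the string handed to `bash -c`, so the reference is parsed again as shell code on the worker. The following added example (not part of the original page or of the Enroot or Pyxis projects) validates the reference first and passes it as a positional argument instead; the function names, the `DRY_RUN` switch, the sample reference and the conservative reference pattern are assumptions.

```bash
# Added example, not from the original page. Function names, DRY_RUN and the
# sample reference are illustrative assumptions. POSIX sh compatible.

# Accept only <repo>:<tag> made of characters Docker permits in names and tags.
# This is a conservative subset (no registry port, no digest); widen as needed.
valid_image_ref() {
  case $1 in
    *[!A-Za-z0-9._/:-]*) return 1 ;;   # spaces, quotes, ;, $, newlines, ...
  esac
  printf '%s\n' "$1" |
    grep -Eq '^[a-z0-9]+([._/-][a-z0-9]+)*:[A-Za-z0-9_][A-Za-z0-9_.-]*$'
}

# Build and import on a worker. The reference and Dockerfile path reach the
# inner shell as "$1" and "$2", so they are never re-parsed as shell code.
import_image() (
  img=$1
  dockerfile=${2:-Dockerfile}
  valid_image_ref "$img" || { echo "rejected image reference: $img" >&2; exit 2; }
  inner='docker build -f "$2" -t "$1" . && enroot import "dockerd://$1"'
  set -- srun --pty -N1 bash -c "$inner" _ "$img" "$dockerfile"
  if [ "${DRY_RUN:-0}" = 1 ]; then
    printf '[%s] ' "$@"; echo        # show the argv without contacting Slurm
  else
    "$@"
  fi
)

# Constructed reference; DRY_RUN=1 only prints the command that would run.
DRY_RUN=1 import_image "myteam/trainer:1.4.2"
```

Source the functions and call `import_image <repo>:<tag> <dockerfile>` without `DRY_RUN` to run the build and import through `srun`.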

To pull pre-built images, you can authenticate via Docker and pull/import the container image:

```bash
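# Log in to Docker; enter the access token (<dockerhub-oat>) at the prompt.
# Passing it with -p would expose it in shell history and the process list.
docker login -u <docker-username>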

# Pull and squash Docker image
srun --pty -N1 bash -c "enroot import dockerd://<repo>:<tag>"
```

This workflow downloads the image, converts it into an Enroot container bundle, and runs it as an unprivileged user process.

You’ll typically never need to do this when submitting jobs through Pyxis, but it’s a useful way to verify container contents or pre-stage larger images.

#### Resources

Enroot usage guide: <https://github.com/NVIDIA/enroot/blob/main/doc/usage.md>

