Some of the containers require access to the Docker sock in order to dynamically create containers with the appropriate mounts w.r.t. the host system. We've mostly focused on Debian based systems, and having the launching user be in the

docker

group is sufficient. Alternatively, the user can invoke

./orchest <command>

commands where

sudo

is used when we detect the user has no access to the Docker

.sock

. We're very open to improving this to be more compatible with e.g. Fedora Linux and security features like SELinux. Would gladly pick your brain sometime if you see any particular areas for improvement.