Podman updates & More Competition container security

[ObadaS]

A brief description of the purpose of the changes contained in this PR.

This PR updates the Containerfile.compute_worker_podman and Containerfile.compute_worker_podman_gpu.
Updated base image version to get the latest security fixes, removed all the unnecessary lines to create lighter images (especially the GPU image)

I also updated the compute_worker.py file to add more security and make it more compatible to Podman.

Checklist for hand testing

For Docker compute workers (compute_worker.py updates)

• Test a submission on any competition

For Podman

• Enable the podman service which will create the socket : systemctl --user enable --now podman
• Build images : podman build -t codalab/codabench_worker_podman:latest -f Containerfile.compute_worker_podman
• Create the /codabench folder
• Create the data folder inside the /codabench
• Chown it to the user that will run the podman container ( sudo chown -R user:user /codabench)
• Create the .env file
• Launch a container using the podman image we generated with the following command:

podman run -d \
 --volume /run/user/$(id -u)/podman/podman.sock:/run/user/1000/podman/podman.sock:U \
 --env-file .env \
 --name compute_worker \
 --security-opt="label=disable" \
 --userns host \
 --restart unless-stopped \
 --log-opt max-size=50m \
 --log-opt max-file=3 \
 --cap-drop all \
 --volume /codabench:/codabench:U,z \
 codalab/codabench_worker_podman:latest

• Test the compute worker by submitting something on a competition

Checklist

• Code review by me
• Hand tested by me
• I'm proud of my work
• Code review by reviewer
• Hand tested by reviewer
• Include Podman in CircleCi tests
• CircleCi tests are passing
• Ready to merge

[ObadaS]

I also wanted to note that I don't think the Circle-CI tests does anything with podman images, I am pretty sure that it only uses docker images build from Dockerfiles

[ihsaan-ullah]

✅ Test 1: Test if submission works using docker container (testing changes in compute_worker.py)