[gridengine dev] [DRAFT PATCH] Enhancement: exempt certain programs from execd control

William Hay w.hay at ucl.ac.uk
Tue Nov 15 11:16:27 UTC 2011


On 15 November 2011 09:54, Mark Dixon <m.c.dixon at leeds.ac.uk> wrote:
> On Tue, 15 Nov 2011, William Hay wrote:
> ...
>>> Cheers William. Does this mean you no longer object to the approach taken
>>> by my patch, or do you have other concerns?
>>>
>> No objections as such now you just need to convince someone who
>> actually maintains a Grid Engine fork.
> ...
>
> :)
>
> Thanks William, I'm pleased I've passed an initial sanity test for the
> idea - I appreciate the time you've put into it.

As this is a fairly general facility I'm wondering if recording and
checking the dev_t and inode_t of the exempt files somewhere as well
as the name might be a useful double check. There are numerous weird
and wonderful ways to manipulate file system namespaces, containers
under Linux and other OS.  I'm not sure a file path is 100%
trustworthy.  Adding a check that /proc/%s/exe returns the same stat
values as the exempt file might add a bit more bulletproofing.

As an aside it looks like porting this to work on Solaris would reduce
to substituting /proc/%s/path/a.out for /proc/%s/exe except you don't
have a macro for the full path only for the initial /proc bit.

Another issue if qrsh is configured to use ssh you want to exempt the
ssh it calls but not any random ssh processes the user starts up to
talk to external processes.

William

>
> Is there anyone from SoGE/OGS/Univa on this list who would care to comment
> on the patch?
>
> I'd really rather not keep this development to myself and I'd like to
> finish it to a state where it's useful to more than just my site. There
> are also other things I'd like to do with the GE source, which I'll make
> available.
>
> It's a strange dev list if there are no devs on it...
>
> TTFN
>
> Mark
> --
> -----------------------------------------------------------------
> Mark Dixon                       Email    : m.c.dixon at leeds.ac.uk
> HPC/Grid Systems Support         Tel (int): 35429
> Information Systems Services     Tel (ext): +44(0)113 343 5429
> University of Leeds, LS2 9JT, UK
> -----------------------------------------------------------------
>
>
>
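The device/inode double check suggested in the message above, as an added example that is not part of the original post or of the patch under discussion. The names `exempt_id`, `exempt_record` and `exempt_check_pid` are hypothetical, and the pid is taken as a `pid_t` rather than the string the `/proc/%s/exe` format in the patch implies.

```c
#include <stdio.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <unistd.h>

/* Identity of an exempt program, recorded when the exemption is set up. */
struct exempt_id {
    dev_t dev;
    ino_t ino;
};

/* Record device and inode of the exempt file. Returns 0 on success, -1 otherwise. */
int exempt_record(const char *path, struct exempt_id *out)
{
    struct stat st;
    if (stat(path, &st) != 0 || !S_ISREG(st.st_mode))
        return -1;                      /* only regular files can be exempt */
    out->dev = st.st_dev;
    out->ino = st.st_ino;
    return 0;
}

/* Returns 1 if the executable of 'pid' is the recorded file, 0 if not, -1 on error. */
int exempt_check_pid(pid_t pid, const struct exempt_id *want)
{
    char link[64];
    struct stat st;
    int n = snprintf(link, sizeof(link), "/proc/%ld/exe", (long)pid);
    if (n < 0 || (size_t)n >= sizeof(link))
        return -1;
    /* stat() follows the /proc link to the file itself; no path string is compared. */
    if (stat(link, &st) != 0)
        return -1;                      /* process gone or unreadable: caller should not exempt */
    return st.st_dev == want->dev && st.st_ino == want->ino;
}

int main(void)
{
    struct exempt_id self, sh;
    if (exempt_record("/proc/self/exe", &self) != 0)
        return 1;
    printf("own pid vs own binary: %d\n", exempt_check_pid(getpid(), &self));
    if (exempt_record("/bin/sh", &sh) == 0)
        printf("own pid vs /bin/sh:    %d\n", exempt_check_pid(getpid(), &sh));
    return 0;
}
```

A caller would treat both 0 and -1 as "not exempt", and would need to re-record the pair whenever the exempt binary is replaced, since an upgrade normally gives the file a new inode.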
