[gridengine dev] [DRAFT PATCH] Enhancement: exempt certain programs from execd control
Mark Dixon
m.c.dixon at leeds.ac.uk
Tue Nov 15 12:12:27 UTC 2011
On Tue, 15 Nov 2011, William Hay wrote:
...
> As this is a fairly general facility I'm wondering if recording and
> checking the dev_t and inode_t of the exempt files somewhere as well
> as the name might be a useful double check. There are numerous weird
> and wonderful ways to manipulate file system namespaces, containers
> under Linux and other OS. I'm not sure a file path is 100%
> trustworthy. Adding a check that /proc/%s/exe returns the same stat
> values as the exempt file might add a bit more bulletproofing.
The initial plan was to generate a list of dev_t/inode_t coordinates when
parsing execd_params, then use that for comparisons instead of filenames.
But then, probably unreasonably, I started getting worried about how
portable that was across all the supported architectures and filesystems.
I think bad memories of reiserfs3 featured here. Being lazy, I've not
actually thought through what supported architectures and filesystems
there are.
I figured that using filenames would neatly sidestep a world of pain.
I also figured that, if the kernel was satisfied that it had the right
filename, it had already done the work and who was I to argue!
> As an aside it looks like porting this to work on Solaris would reduce
> to substituting /proc/%s/path/a.out for /proc/%s/exe except you don't
> have a macro for the full path only for the initial /proc bit.
Thanks - that'd fit nicely in the patch, but I'd need to get round to
testing it first. Unlike the old days, I'm a little short on Solaris
hosts...
> Another issue if qrsh is configured to use ssh you want to exempt the
> ssh it calls but not any random ssh processes the user starts up to
> talk to external processes.
...
I suspect this is a configuration issue, rather than something to put into
this feature.
For example, back with 6.0 on a cluster with loose integration + ssh, I
installed a 32-bit version of the ssh client to minimise h_vmem usage and
help avoid the same too-many-qrsh-instances-exhausts-h_vmem issue, and
made sure the parallel jobs found that copy first.
Would it be too much to have a special called-from-qrsh copy of ssh
kicking around?
To be honest, I'm still puzzled why some sites use ssh instead of the
builtin protocols. Is it X11 forwarding?
Cheers,
Mark
--
-----------------------------------------------------------------
Mark Dixon Email : m.c.dixon at leeds.ac.uk
HPC/Grid Systems Support Tel (int): 35429
Information Systems Services Tel (ext): +44(0)113 343 5429
University of Leeds, LS2 9JT, UK
-----------------------------------------------------------------