Re: [Condor-users] HOSTALLOW_CONFIG in STARTD_EXPRS

[Matt Hope <matthew.hope@xxxxxxxxx>]

On 4/13/05, Thomas Lisson <lisson@xxxxxxxxxxxxxxxxx> wrote:
> hello
> 
> Such a "dynamic" pool needs security. We must have the possibility to
> put out computers from our pool or don't let a specific computer execute
> jobs. To provide this, I have included a new ad MAY_EXECUTE=true in the
> config file and add it to the REQUIREMENTS (MAY_EXECUTE==TRUE) of my
> jobs. So I can exclude computers from executing by setting the
> MAY_EXECUTE value to false by condor_config_val.
> 

Errm - aren't you approaching this from the wrong point of view.
Surely the submitting user should indicate if they want to allow their
job to run on an untrusted machine or not *and which machines they
trust*.

This can be done in several ways:
if the submitting user knows the trsted machines to be allowed simply
place this into the requirements expression.

If this list changes relatively often (additions not deletions) then
this may be placed into a config file autoupdated by the trust
controller and macro instered into the requirements.

If the list changes post submission (again mainly additions) then
qediting the non runnning jobs requirements expression (if need be by
a scheduled task) will achieve this.

Matt