Mailing List Archives Public Access	UW Madison Computer Sciences Department Computer Systems Lab

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [HTCondor-users] condor_ssh_to_job

Date: Thu, 14 Aug 2014 16:19:57 -0400
From: Rich Pieri <ratinox@xxxxxxx>
Subject: Re: [HTCondor-users] condor_ssh_to_job

Keith Brown wrote:

I will look into CGroups. I suppose I will wait until RHEL 7.2 is out then
upgrade and try out CGroups.

cgroups don't do what you think they do. Putting a process within acgroup container means that process is constrained by the limits of thecontainer, nothing more. Containers do nothing to prevent users fromexploiting local resources or privilege escalation vulnerabilities thatpermit them to escape the confines of containers.


--
Rich Pieri <ratinox@xxxxxxx>
MIT Laboratory for Nuclear Science

References:
- [HTCondor-users] condor_ssh_to_job
  - From: Keith Brown
- Re: [HTCondor-users] condor_ssh_to_job
  - From: Rich Pieri
- Re: [HTCondor-users] condor_ssh_to_job
  - From: Keith Brown
- Re: [HTCondor-users] condor_ssh_to_job
  - From: Todd Tannenbaum
- Re: [HTCondor-users] condor_ssh_to_job
  - From: Keith Brown
- Re: [HTCondor-users] condor_ssh_to_job
  - From: Todd Tannenbaum
- Re: [HTCondor-users] condor_ssh_to_job
  - From: Keith Brown

Prev by Date: [HTCondor-users] Java Universe: list jar files
Next by Date: Re: [HTCondor-users] Java Universe: list jar files
Previous by thread: Re: [HTCondor-users] condor_ssh_to_job
Next by thread: Re: [HTCondor-users] condor_ssh_to_job
Index(es):
- Date
- Thread

Mailing List Archives

Public Access

Re: [HTCondor-users] condor_ssh_to_job