[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [HTCondor-users] condor_rm & the docker universe



On 07/30/2015 10:01 AM, andrew.lahiff@xxxxxxxxxx wrote:
> Hi Greg,
> 
> Ok, I didn't realized it worked like this - I had assumed HTCondor
would do something like "docker stop", rather than send a signal to the
actual executable running inside the container. Isn't this rather
unsafe? It makes it very easy for people to run jobs which escape
HTCondor's control - according to HTCondor the job has been killed but
the Docker container continues running for as long as it wants.

I'd've thought sending sigterm to pid 1 would be rather unsafe... 'cause
there's no possible way it could ever get routed to a wrong pid
namespace or something...

-- 
Dimitri Maziuk
Programmer/sysadmin
BioMagResBank, UW-Madison -- http://www.bmrb.wisc.edu

Attachment: signature.asc
Description: OpenPGP digital signature