Mailing List Archives
Public Access
|
|
![[Computer Systems Lab]](https://www-auth.cs.wisc.edu/pics/csl_logo.gif)
|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [HTCondor-users] Simplest way to change ulimit for all new jobs
- Date: Thu, 4 Oct 2018 17:48:32 +0000
- From: Todd Tannenbaum <tannenba@xxxxxxxxxxx>
- Subject: Re: [HTCondor-users] Simplest way to change ulimit for all new jobs
On 10/4/2018 10:16 AM, Michael Pelletier wrote:
> Hi Sean,
>
> The proper way to do this systemwide is in /etc/security/limits.conf:
>
> * hard stack 16000000
>
> The profile.d only works on login shells. Limits.conf covers everything on the system.
>
Hi Michael,
Unfortunately /etc/security/limits.conf does not cover everything on the system; it only covers users logged in via PAM. It does not affect resource limits of the system services (like HTCondor in its default RPM/DEB installation).
Assuming you installed HTCondor from system packages, here is the CVE-2018-14634 mitigation for HTCondor that I recommend (copied yet again ... sorry to be repetitive but I wanted to make life easier for folks who just google things) -
** For HTCondor v8.6.x+ installed from RPMs on RHEL6, SL6, Centos6 (i.e. distros running init):
As root run the following commands:
sed -i 's/ULIMIT_FLAGS=.*/ULIMIT_FLAGS="-Hs 16000000"/' /etc/sysconfig/condor
service condor restart
** For HTCondor v8.6.x+ installed from RPMs or DEBs on RHEL7, Centos7, SL7, Debian, or Ubuntu (i.e. distros running systemd):
As root run the following commands:
mkdir /etc/systemd/system/condor.service.d
echo -e '[Service]\nLimitSTACK=16G\n' > /etc/systemd/system/condor.service.d/CVE-2018-14634.conf
systemctl restart condor
regards,
Todd