Re: [HTCondor-users] condor_ssh_to_job broken with 8.8 on CentOS 7

[Oliver Freyermuth <freyermuth@xxxxxxxxxxxxxxxxxx>]

Am 27.02.19 um 13:52 schrieb Steffen Grunewald:
> On Wed, 2019-02-27 at 10:14:11 +0100, Steffen Grunewald wrote:
> > Here's the diff:
> >
> > condor-8.8.1# diff -u src/condor_starter.V6.1/os_proc.cpp{.ORIG,}
> > --- src/condor_starter.V6.1/os_proc.cpp.ORIG    2019-02-19 05:08:49.000000000 +0100
> > +++ src/condor_starter.V6.1/os_proc.cpp 2019-02-27 10:09:43.513715435 +0100
> > @@ -1106,7 +1106,13 @@
> >          }
> >          ArgList args;
> >          args.AppendArg("/usr/bin/nsenter");
> > -       args.AppendArg("-a"); // all namespaces
> > +       #args.AppendArg("-a"); // all namespaces
>
> What an embarrassing mistake. You may guess which language I've been coding in before...
> Make that "#" read "// " and you're set...
>
> > +       args.AppendArg("-m");
> > +       args.AppendArg("-u");
> > +       args.AppendArg("-i");
> > +       args.AppendArg("-n");
> > +       args.AppendArg("-p");
> > +       args.AppendArg("-U");
> >          args.AppendArg("-t"); // target pid
> >          char buf[32];
> >          sprintf(buf,"%d", pid);
> >
> > Greg, did I overlook something?
>
> Obviously, yes :/
>
> > I'll make this a Debian patch, and rebuild, if there's no veto...
>
> Rebuild is running (first for Jessie), will take a while.

Please keep in mind (see my earlier mail for more details) that forcing "-U" will break Singularity with setuid root (which is the default).
"-a" enables "-U" dynamically (which the manpage does not state, but the code reveals).

Cheers,
	Oliver

> Apologies,
> - S

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature