Mailing List Archives Public Access	UW Madison Computer Sciences Department Computer Systems Lab

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[HTCondor-users] limiting Condor & CondorCE systemd exec capabilities?

Date: Tue, 23 Jun 2020 15:06:13 +0200
From: Thomas Hartmann <thomas.hartmann@xxxxxxx>
Subject: [HTCondor-users] limiting Condor & CondorCE systemd exec capabilities?

Hi all,

is it reasonable to try to limit the condor.service (and/or
condor-ce.service) units in their exec capabilities, i.e,
CapabilityBoundingSet [1]? ð

I guess that condor needs a broad set of capabilities to switch users
etc. but maybe dropping some of the network related capabilities?

Cheers,
  Thomas



[1]
https://www.freedesktop.org/software/systemd/man/systemd.exec.html

Attachment: 0x4C44535B5D7ADD74.asc
Description: application/pgp-keys

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

Follow-Ups:
- Re: [HTCondor-users] limiting Condor & CondorCE systemd exec capabilities?
  - From: Gregory Thain

Prev by Date: Re: [HTCondor-users] [HTCondor-Users] Cgroup memory hard limit
Next by Date: Re: [HTCondor-users] limiting Condor & CondorCE systemd exec capabilities?
Previous by thread: Re: [HTCondor-users] [HTCondor-Users] Cgroup memory hard limit
Next by thread: Re: [HTCondor-users] limiting Condor & CondorCE systemd exec capabilities?
Index(es):
- Date
- Thread

Mailing List Archives

Public Access

[HTCondor-users] limiting Condor & CondorCE systemd exec capabilities?