[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[HTCondor-users] limiting Condor & CondorCE systemd exec capabilities?

Hi all,

is it reasonable to try to limit the condor.service (and/or
condor-ce.service) units in their exec capabilities, i.e,
CapabilityBoundingSet [1]? ð

I guess that condor needs a broad set of capabilities to switch users
etc. but maybe dropping some of the network related capabilities?



Attachment: 0x4C44535B5D7ADD74.asc
Description: application/pgp-keys

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature