[HTCondor-users] security question regarding condor_shadow processes

[Mary Hester <maryh@xxxxxxxxx>]

Hello,

I'm not sure if this question has already been covered (or maybe my
search foo has failed) but we had some questions about the condor_shadow
processes that run, in this case, from a submit host. I found this:

"This daemon runs on the machine where a given request was submitted and
acts as the resource manager for the request. Jobs that are linked for
HTCondorâs standard universe, which perform remote system calls, do so
via the condor_shadow. Any system call performed on the remote execute
machine is sent over the network, back to the condor_shadow which
performs the system call on the submit machine, and the result is sent
back over the network to the job on the execute machine. In addition,
the condor_shadow is responsible for making decisions about the request,
such as where checkpoint files should be stored, and how certain files
should be accessed. "

What are the potential system calls that the condor_shadow process
executes? Are these just file I/O or other kinds of system calls? Is the
shadow process constrained by cgroups?

Thanks and best regards,
Mary