[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [HTCondor-users] Submit classad whitelist

Thanks Jason
My cluster is multi tenancy of few groups using docker, each group gets the correct volumes based on the group. So one group cannot access other group underline storage.

A good example will be this scenario. 
Currently im using version 8.8 and if tomorrow i will upgrade to version 9 there will be a new option docker_network (I think) so in theory the user will be able to do something that i didn't thought about. 

Basically i wish to protect the data or communication of the tenants. 

Many Thanks. 

Get Outlook for Android

From: HTCondor-users <htcondor-users-bounces@xxxxxxxxxxx> on behalf of Jason Patton <jpatton@xxxxxxxxxxx>
Sent: Tuesday, May 4, 2021, 19:27
To: HTCondor-Users Mail List
Subject: Re: [HTCondor-users] Submit classad whitelist

Hi David,

We do provide some configuration macros to provide a set of attributes that cannot be changed once set, and furthermore you can enforce certain values using either submit transforms (to override user-given values) or submit requirements (to enforce that users set certain values). The config macros of note are the four starting here:


I know these don't really solve the question of how to whitelist attributes, can you maybe describe a little more about the scenario that you're trying to solve or prevent?

Jason Patton

On Tue, May 4, 2021 at 7:52 AM <duduhandelman@xxxxxxxxxxx> wrote:
Hi All,
I have some security concerns regarding unknown job classads.
The goal is to allow users submitting a job with very limited job classads for example

Allow only:


Is there any way to accomplish this?

Many Thanks

HTCondor-users mailing list
To unsubscribe, send a message to htcondor-users-request@xxxxxxxxxxx with a
subject: Unsubscribe
You can also unsubscribe by visiting

The archives can be found at: