Re: [HTCondor-devel] Future of PrivSep, interested in feedback/opinions


Date: Tue, 23 Apr 2013 10:47:50 -0700
From: Igor Sfiligoi <sfiligoi@xxxxxxxx>
Subject: Re: [HTCondor-devel] Future of PrivSep, interested in feedback/opinions
On 04/23/2013 10:41 AM, Brian Bockelman wrote:
And the OSG VOs need the glexec to work to the best of its options.
I.e. glideins need something along the lines of PrivSep, since running as root is not an option, but we still want privilege separation.

So, I think you should go for (1)...
and actually push it a little further and make sure everything works in "PriveSep" like mode, which includes glexec integration.


Why not use (2)?  Continue supporting existing functionality, but don't target new functionality.
I definitely don't want glexec integration to be second class citizen;
whatever works in "regular condor" should work in "glexec condor".

Sure, there are some things that will simply not work with glexec... due to limits in glexec itself.
But anything that conceivably can, should.
So, indeed there will be some form of (2).

Thanks,
  Igor

PS: I am surprised glexec requires a separate path from PrivSep... but I will take your word for it.

[← Prev in Thread] Current Thread [Next in Thread→]