[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [HTCondor-users] Jobs that require root permissions



Hi Michael,

I suspect we are chasing an incorrect lead with respect to the job suspension; the fakeroot is being leaked to the mount namespace, not the HTCondor one (so the bug I thought of does not apply here).

However, if you add:

MOUNT_UNDER_SCRATCH=/tmp

it should make those warning/error messages go away.

What are your SUSPEND-related attributes set to on that worker node?

Brian

On Mar 18, 2013, at 3:33 PM, Michael Hanke <michael.hanke@xxxxxxxxx> wrote:

Hi,

On Mon, Mar 18, 2013 at 8:26 PM, Brian Bockelman <bbockelm@xxxxxxxxxxx> wrote:
While one such job is running, can you give the output of:

cat /proc/self/mount_info

from a separate shell?  Basically, the directory referenced in the error message shouldn't be visible to to the condor_starter.  However, there are certain HTCondor bugs / kernel features that, if used, can cause the child mounts to leak into the system mount namespaces.  Fedora >= 17 hit one such case.

If that file contains sensitive information, it is OK to send it off-list.

I am attaching the output from a machine that had such a job running that got suspended previously.

Michael


<mntinfo>_______________________________________________
HTCondor-users mailing list
To unsubscribe, send a message to htcondor-users-request@xxxxxxxxxxx with a
subject: Unsubscribe
You can also unsubscribe by visiting
https://lists.cs.wisc.edu/mailman/listinfo/htcondor-users

The archives can be found at:
https://lists.cs.wisc.edu/archive/htcondor-users/

Attachment: smime.p7s
Description: S/MIME cryptographic signature