Mailing List Archives
Authenticated access
|
|
![[Computer Systems Lab]](http://www.cs.wisc.edu/pics/csl_logo.gif)
|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [HTCondor-users] condor_ssh_to_job broken with 8.8 on CentOS 7
- Date: Wed, 27 Feb 2019 15:19:24 +0100
- From: Oliver Freyermuth <freyermuth@xxxxxxxxxxxxxxxxxx>
- Subject: Re: [HTCondor-users] condor_ssh_to_job broken with 8.8 on CentOS 7
Am 27.02.19 um 15:12 schrieb Steffen Grunewald:
On Wed, 2019-02-27 at 13:56:30 +0100, Oliver Freyermuth wrote:
Please keep in mind (see my earlier mail for more details) that forcing "-U" will break Singularity with setuid root (which is the default).
"-a" enables "-U" dynamically (which the manpage does not state, but the code reveals).
So basically you claim that the current behaviour is broken, even for systems
that support the -a flag?
No. Using "-a" (if supported) works correctly, since it is *not* equivalent to
"-m -u -i -n -p -U", but in fact, as you can find here:
https://github.com/karelzak/util-linux/commit/974cc006f122f36e2187cedb9d3e58dc2d24814c
both in the comment in the manpage change and in the code, "-U" is
"ignored if the same as the caller's current user namespace.". This is the case for singularity with setuid root.
I.e. "-a" works (I think, I cannot test), but forcing "-m -u -i -n -p -U" as your patch does fails.
Cheers,
Oliver
- S
--
Oliver Freyermuth
UniversitÃt Bonn
Physikalisches Institut, Raum 1.047
NuÃallee 12
53115 Bonn
--
Tel.: +49 228 73 2367
Fax: +49 228 73 7869
--
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature