Mailing List Archives
Re: [HTCondor-users] security question regarding condor_shadow processes
- Date: Mon, 12 Oct 2020 20:26:37 -0500
- From: Greg Thain <gthain@xxxxxxxxxxx>
- Subject: Re: [HTCondor-users] security question regarding condor_shadow processes
On 10/12/20 8:51 AM, Mary Hester wrote:
Hello,
I'm not sure if this question has already been covered (or maybe my
search foo has failed) but we had some questions about the condor_shadow
processes that run, in this case, from a submit host. I found this:
Hi Mary:
Thanks for the good question.
First, the standard universe is going away from HTCondor -- it has been
removed from the 8.9 series, and is only supported on a couple of Linux
platforms in 8.8, and doesn't really work in a glidein / grid environment.
Even with the more common vanilla (which includes docker & java
universes), there is a shadow process that runs under the schedd on the
submit machine for every running job in the system. This shadow process
runs as the Unix user id of the submitting user, and executes various
system calls on behalf of the jobs. The shadow is not constrained by
cgroups, containers or chroot today. The shadow runs system calls as
the submitting user to
* Send the input sandbox of files from the submit machine to the execute
machine
* Send the output sandbox of files from the execute machine to the
submit machine
* Communicate with the startd/starter and schedd.
* Write the user job log events to file
* Service chirp requests from the running job, if enabled.
    ** These include reading and writing files as the submitting user.
While these files are only those read or writeable by the submitting
user, we've recently added support to further constrain the set of files
the shadow can read or write via chirp.
Thanks,
-greg
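The reply above is the security-relevant point: a chirp request is served by a process that has the submitting user's full Unix identity and no cgroup, container or chroot around it, so "only files readable or writeable by the submitting user" means everything that user owns on the submit host, not just the job's sandbox. The example below is an added illustration, not HTCondor's shadow or chirp code, of the decision such a proxy has to make before serving a read or write on the job's behalf. It assumes a policy shaped as allow-listed directory roots (the message says a constraint now exists but gives no syntax for it), assumes relative paths are resolved against the job's submit directory, and builds its own throwaway sandbox with a `..` traversal and a symlink escape, the two ways a job most commonly tries to reach outside.

```python
"""Hypothetical path-policy check for a chirp-style file proxy.

Added example, not HTCondor's own code. Models the check a submit-side
process running as the submitting user must perform before it serves a
job's remote 'read <path>' or 'write <path>' request. The allow-list
policy shape and the relative-path rule are assumptions.
"""
import os
import tempfile
from dataclasses import dataclass


@dataclass(frozen=True)
class ChirpPolicy:
    """Directory roots the job may read from / write to (assumed shape)."""
    read_roots: tuple
    write_roots: tuple


def canonical(path, job_dir):
    """Resolve a job-supplied path the way the proxy would see it: relative
    to the job's submit directory (assumption), with '..' collapsed and
    symlinks followed, so the policy is applied to the file actually hit."""
    if not os.path.isabs(path):
        path = os.path.join(job_dir, path)
    return os.path.realpath(path)


def inside(path, root):
    """True if `path` (already canonical) is `root` or lies beneath it.
    A plain startswith() would let /home/alice-evil match /home/alice."""
    root = os.path.realpath(root)
    return path == root or path.startswith(root.rstrip(os.sep) + os.sep)


def authorize(policy, op, path, job_dir):
    """Decide whether a chirp read/write of `path` may be served.
    Unknown operations are denied. Returns (allowed, canonical_path)."""
    if op not in ("read", "write"):
        return False, None
    real = canonical(path, job_dir)
    roots = policy.read_roots if op == "read" else policy.write_roots
    return any(inside(real, r) for r in roots), real


def demo():
    """Constructed sandbox: a job directory, a shared read-only area, and a
    file standing in for a credential elsewhere in the user's home."""
    base = tempfile.mkdtemp()
    job_dir = os.path.join(base, "job")
    shared = os.path.join(base, "shared")
    os.makedirs(job_dir)
    os.makedirs(shared)
    secret = os.path.join(base, "id_rsa")  # stands in for ~/.ssh/id_rsa
    open(secret, "w").close()
    # A symlink the job could have planted in its own sandbox (constructed).
    os.symlink(secret, os.path.join(job_dir, "innocent.txt"))

    policy = ChirpPolicy(read_roots=(job_dir, shared), write_roots=(job_dir,))
    requests = {
        "read_sandbox_file": ("read", "data.in"),
        "read_traversal": ("read", "../id_rsa"),
        "read_symlink_escape": ("read", "innocent.txt"),
        "read_shared": ("read", os.path.join(shared, "ref.db")),
        "write_shared": ("write", os.path.join(shared, "ref.db")),
        "write_sandbox": ("write", "out.log"),
    }
    return {name: authorize(policy, op, p, job_dir)[0]
            for name, (op, p) in requests.items()}


if __name__ == "__main__":
    for name, allowed in demo().items():
        print(f"{name:22s} {'ALLOW' if allowed else 'DENY'}")
```

Two caveats a practitioner would want. First, `realpath()` followed by a later `open()` is a time-of-check/time-of-use window: a job can swap a directory component for a symlink in between, so a real proxy should open the file and re-verify the opened descriptor (for example `fstat` plus a path walk with `O_NOFOLLOW`/`openat`) rather than trust the string it checked. Second, an allow-list only limits which files the shadow touches; it does not change the fact that the shadow still has the user's full identity for everything else it does, which is exactly what the reply above says about cgroups, containers and chroot.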