[HTCondor-users] condor_ssh_to_job and ephemeral LVM filesystems with SELinux

[Alexandr Mikula <mikula@xxxxxx>]

Hi fellow birdkeepers,
I am having the problem using condor_ssh_to_jobs (including the
interactive jobs), due to the combination of the per job LVM and
enforcing SELinux on EP.

On EP without LVM and with SELinux it works OK.

The condor is unable to create the ssh keypair with this in the audit
log:

type=AVC msg=audit(1759390053.112:250528): avc:  denied  { write } for
pid=1383020 comm="ssh-keygen"
path="/scratch/condor/dir_1364028/.condor_ssh_to_job_2/keygen.log"
dev="dm-13" ino=27 scontext=system_u:system_r:ssh_keygen_t:s0
tcontext=system_u:object_r:unlabeled_t:s0 tclass=file permissive=0

condor_ssh_to_job output:
#condor_ssh_to_job 31194944
slot1_2@minis01: condor_ssh_to_job_sshd_setup failed: Failed to create
ssh key /scratch/condor/dir_1364028/.condor_ssh_to_job_2/sshkey with
command "/usr/bin/ssh-keygen" "-N" "" "-C" "" "-q" "-f"
"/scratch/condor/dir_1364028/.condor_ssh_to_job_2/sshkey" "-t" "rsa"


Any ideas how to fix it?
Cheers
AM
-- 
Alexandr Mikula
OddÄlenà sÃÅovÃnà a vÃpoÄetnà techniky & VÃpoÄetnà stÅedisko 
FyzikÃlnà Ãstav Akademie vÄd Äeskà republiky, v. v. i.
Institute of Physics of the Czech Academy of Sciences

Attachment: smime.p7s
Description: S/MIME cryptographic signature