[GE users] SELinux on clusters?

prentice prentice at ias.edu
Wed Apr 14 16:30:20 BST 2010

Note: I changed subject line to start a new thread.

jlb wrote:
> On Mon, 12 Apr 2010 at 9:33pm, fx wrote
>> bdbaddog <bill at baddogconsulting.com> writes:
>>> If this is a real concern with your user population, I'm sure there
>>> are more ways to lock down the machines and user accounts and such,
>>> perhaps SELinux?
>> Do people successfully run clusters generally, and SGE specifically,
>> with that on?
> It's on on my master and submit hosts.  It's not on on my exec hosts 
> mostly due to inertia and the lack of a sufficient number of circular 
> tuits.

Using additional security measures on submit hosts (that are not also
exec hosts) and the master node makes sense, since these nodes are not
as computationally loaded and are often on a more public network than
the execution hosts, which are usually on a private network with
restricted access.

On an exec host, however, I would thing SELinux is a bad idea. I would
imagine all the checking that SELinux does would seriously impact the
performance of a cluster node. Think of the ASCI Q paper - just
processing interupts can seriously reduce performance. Now think of how
operations must be done for SELinux checks.

Disclaimer: I know almost nothing about SELinux.



To unsubscribe from this discussion, e-mail: [users-unsubscribe at gridengine.sunsource.net].

More information about the gridengine-users mailing list