Kilian CAVALOTTI wrote:
On Thursday 19 June 2008 05:08:43 pm Joe Landman wrote:
SElinux and Apparmor try to limit the damage
even in a secure setting, though I am not sure how well they do
there.
If you want/need to use things like Lustre, for instance, you can forgot
about SELinux and AppArmor, it simply doesn't work.
In the Lustre release notes:
"Do not laugh in the presence of Lustre, for it is
subtle and quick to anger".
(for those who aren't sure, this is an attempt at humor ... no need to
skewer me over "anti-Lustre" comments ...)
Isn't it a common practice in HPC to keep security rules relatively
relaxed *inside* a cluster (passwordless logins between compute nodes
for instance), whilst trying to harden the links to the external world?
Yes. Leave the window wide open while bolting the door tight ... :(
I mean, most of the scientific applications haven't precisely been
designed with security as their first concern, have they?
I would be happy if they had better code than
if (!(fdopen( ... )) {
printf "I died\n";
exit(-1);
}
Cheers
--
Joseph Landman, Ph.D
Founder and CEO
Scalable Informatics LLC,
email: [EMAIL PROTECTED]
web : http://www.scalableinformatics.com
http://jackrabbit.scalableinformatics.com
phone: +1 734 786 8423
fax : +1 866 888 3112
cell : +1 734 612 4615
_______________________________________________
Beowulf mailing list, Beowulf@beowulf.org
To change your subscription (digest mode or unsubscribe) visit
http://www.beowulf.org/mailman/listinfo/beowulf
