On 7/11/19 8:19 AM, Douglas Duckworth wrote:
I am wondering if it's possible to hide a file system, that's world
writable on compute node, logically within Slurm. That way any job a
user runs cannot possible access this file system.
Essentially we define $TMPDIR as /scratch, which Slurm cleans up in
epilogue scripts, but some users still keep writing to /tmp instead
which we do not want. We would use tmpwatch to clean up /tmp but I
would rather just prevent people from writing to it within Slurm.
I've done this at ${JOB-1} and ${JOB-2} using the spank plugin that uses
kernel namespace support to make a private directory in our scratch
filesystem look like /tmp to jobs on our diskless nodes.
This was especially important for scripts that wrapped Java and so could
not be told to use an alternative directory.
https://github.com/chrissamuel/spank-private-tmp
You'll need a job epilog to clean them up afterwards of course.
All the best,
Chris
--
Chris Samuel : http://www.csamuel.org/ : Berkeley, CA, USA
