-
Notifications
You must be signed in to change notification settings - Fork 49
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
broker: add broker.dmesg_restrict configuration key #5278
Comments
As a data point, the kernel |
It's a good point that the content is pretty open ended and developers should probably not have to worry about what they might be exposing when deciding whether or not to log stuff. They should be focused on what's useful. If we really thought this was an issue (say on a development system) we could add configuration support for enabling guest access, similar to the kernel sysctl |
That's what I was thinking, a configuration setting that admins could set on the mgmt nodes would be pretty useful probably. |
Oh well it'd be easy to add. I'll reopen this and retitle. |
Problem:
flux dmesg
involves a lot of sudoing when diagnosing a system instance.A number of services were restricted to instance owner out of an abundance of caution. Possibly this one could be opened to guests for convenience?
If necessary, we could restrict access to "local only" to give rank 0 a modicum of protection for sites that run it on a node with restricted access.
Just a thought I wanted to open for discussion.
The text was updated successfully, but these errors were encountered: