The Flux system instance job-exec service requires additional
configuration via the
exec table, for example to enlist the services
of a setuid helper to launch jobs as guests.
exec table may contain the following keys:
(optional) Set the path to the IMP (Independent Minister of Privilege) helper program, as described in RFC 15, so that jobs may be launched with the credentials of the guest user that submitted them. If unset, only jobs submitted by the instance owner may be executed.
(optional) Run job shell under a specific mechanism other than the default forked subprocesses. Potential configurations:
Run job shells are run under systemd, the job shell may be able to survive an unexpected broker shutdown and be recovered when the broker is restarted.
(optional) Override the compiled-in default job shell path.
[exec] imp = "/usr/libexec/flux/flux-imp" job-shell = "/usr/libexec/flux/flux-shell-special"
RFC 15: Flux Security: https://flux-framework.readthedocs.io/projects/flux-rfc/en/latest/spec_15.html