ambari-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Andrew Onischuk" <aonis...@hortonworks.com>
Subject Re: Review Request 34549: Non-secure clusters should not install the linux task controller
Date Thu, 21 May 2015 16:49:23 GMT

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34549/
-----------------------------------------------------------

(Updated May 21, 2015, 4:49 p.m.)


Review request for Ambari and Vitalyi Brodetskyi.


Bugs: AMBARI-11307
    https://issues.apache.org/jira/browse/AMBARI-11307


Repository: ambari


Description
-------

In insecure clusters, all user code runs as mapred. With our default insecure
install, the setuid to root linux task controller provides mapred with the
ability to run processes as any user. The combination of these is bad. I think
we should separate out the setuid executable to a separate rpm that is only
installed on secure clusters.


Diffs (updated)
-----

  ambari-common/src/main/python/resource_management/core/providers/system.py ba64e5d 
  ambari-common/src/main/python/resource_management/core/sudo.py ebde23d 
  ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/params_linux.py
da7b9b4 
  ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/yarn.py
53bdba1 
  ambari-server/src/test/python/stacks/2.0.6/YARN/test_historyserver.py cd5041b 
  ambari-server/src/test/python/stacks/2.0.6/YARN/test_mapreduce2_client.py f8bccac 
  ambari-server/src/test/python/stacks/2.0.6/YARN/test_nodemanager.py 5c517f1 
  ambari-server/src/test/python/stacks/2.0.6/YARN/test_resourcemanager.py b775f48 
  ambari-server/src/test/python/stacks/2.0.6/YARN/test_yarn_client.py 9966581 
  ambari-server/src/test/python/stacks/2.1/YARN/test_apptimelineserver.py c8a3033 

Diff: https://reviews.apache.org/r/34549/diff/


Testing
-------

mvn clean test


Thanks,

Andrew Onischuk


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message