hadoop-common-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Madhan Sundararajan <madhan.sundarara...@tcs.com>
Subject Re: Hadoop Common: Why not re-use the Security model offered by SELINUX?
Date Thu, 26 Mar 2015 14:44:51 GMT
Allen,

 Unlike you, I am no Unix veteran.

 However, having used Hadoop briefly I observed this anomaly.

 Yes, as you have highlighted, this is not applicable to non-Linux 
platforms.

 Hadoop's security layer can be made to re-use SELINUX' policies through 
remote policy server, to ease the application of policies from a 
centralised policy server.

 Further, Hadoop can be made to re-use role-based-access-controls provided 
by SELINUX.

 In addition, Hadoop daemons can be subjected to the fine-grained access 
policies of SELINUX to use the Linux Server's resources.

Regards
Madhan Sundararajan Devaki

Tata Consultancy Services Limited
415/21-24, Kumaran Nagar,
Sholinganallur,
Old Mahabalipuram,
Chennai - 600 119,Tamil Nadu
India
Cell:- +91-9840141129
Mailto: madhan.sundararajan@tcs.com
Website: http://www.tcs.com
____________________________________________
Experience certainty.   IT Services
                        Business Solutions
                        Consulting
____________________________________________



From:   Allen Wittenauer <aw@altiscale.com>
To:     common-dev@hadoop.apache.org
Date:   03/26/2015 06:51 PM
Subject:        Re: Hadoop Common: Why not re-use the Security model 
offered by SELINUX?




                 How would you propose we use SELinux features to support 
security, especially in a distributed manner where clients might be under 
different administrative controls?  What about the non-Linux platforms 
that Hadoop runs on? 


On Mar 26, 2015, at 3:46 AM, Madhan Sundararajan 
<madhan.sundararajan@tcs.com> wrote:

> Team,
> 
> SELINUX was introduced to bring in a robust security management in Linux 

> OS.
> 
> In all distributions of Hadoop (Cloudera/Hortonworks/...) one of the 
> pre-installation checklist items is to disable SELINUX in all the nodes 
of 
> the cluster.
> 
> Why not re-use the security model offered by SELINUX setting instead of 
> re-inventing from scratch through Sentry/Knox/etc...?
> 
> Regards
> Madhan Sundararajan Devaki
> 
> Tata Consultancy Services Limited
> 415/21-24, Kumaran Nagar,
> Sholinganallur,
> Old Mahabalipuram,
> Chennai - 600 119,Tamil Nadu
> India
> Cell:- +91-9840141129
> Mailto: madhan.sundararajan@tcs.com
> Website: http://www.tcs.com
> ____________________________________________
> Experience certainty.   IT Services
>                        Business Solutions
>                        Consulting
> ____________________________________________
> =====-----=====-----=====
> Notice: The information contained in this e-mail
> message and/or attachments to it may contain 
> confidential or privileged information. If you are 
> not the intended recipient, any dissemination, use, 
> review, distribution, printing or copying of the 
> information contained in this e-mail message 
> and/or attachments to it are strictly prohibited. If 
> you have received this communication in error, 
> please notify us by reply e-mail or telephone and 
> immediately and permanently delete the message 
> and any attachments. Thank you
> 
> 



Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message