hadoop-general mailing list archives

From Michael Thomas <tho...@hep.caltech.edu>
Subject Re: Hadoop with SELinux?
Date Tue, 05 Jan 2010 16:48:19 GMT
We have used selinux on our large cluster with HDFS (we don't use MR). 
The only issue I've found is that the mount program does not have 
permission to execute java, which prohibits you from mounting the fuse 
filesystem from /etc/fstab.  This is fixed with the policy file below.

require {
         type mount_t;
         type shell_exec_t;
         type proc_net_t;
         type random_device_t;
         type java_exec_t;
         type fusefs_t;
         class process { execstack execmem getsched setrlimit };
         class tcp_socket { accept listen };
         class chr_file read;
         class file { execute read getattr execute_no_trans };
         class dir { read getattr search };
}

#============= mount_t ==============
allow mount_t fusefs_t:dir { read getattr };
allow mount_t java_exec_t:file { read getattr execute execute_no_trans };
allow mount_t proc_net_t:dir search;
allow mount_t proc_net_t:file { read getattr };
allow mount_t random_device_t:chr_file read;
allow mount_t self:process { execstack execmem getsched setrlimit };
allow mount_t self:tcp_socket { accept listen };
allow mount_t shell_exec_t:file { read execute getattr execute_no_trans };


--Mike

On 01/05/2010 08:05 AM, Gibbon, Robert, VF-Group wrote:
> Hello list
>
> Can someone please tell me if it would be possible to run hadoop with SELinux enabled
> across the cluster? Are there any known issues or better, how2's I can be pointed at? Also
> interested in running iptables on the nodes - easy to do?
>
> Many thanks in advance
> Robert
>
> Robert Gibbon
> Solutions Architect
> Integration Design & Solution Engineering
>
> Vodafone Group Service GmbH
> Mannesmannufer 2, D-40213 Düsseldorf, Germany
> Amtsgericht Düsseldorf, HRB 53554
> Geschäftsführung: Helmut Hoffmann, Dr. Joachim Peters
>
>
>
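
A review check for the policy posted in the message above, as an added example that is not part of the original message: it confirms that every type, class and permission used by the allow rules is declared in the require block, and lists the grants that relax memory protections for mount_t. The names `audit`, `names`, `SET` and `REVIEW_PERMS` are assumptions of this example.

```python
import re
# Policy text copied from the message above so the check runs offline.
POLICY = """\
require {
    type mount_t;
    type shell_exec_t;
    type proc_net_t;
    type random_device_t;
    type java_exec_t;
    type fusefs_t;
    class process { execstack execmem getsched setrlimit };
    class tcp_socket { accept listen };
    class chr_file read;
    class file { execute read getattr execute_no_trans };
    class dir { read getattr search };
}
allow mount_t fusefs_t:dir { read getattr };
allow mount_t java_exec_t:file { read getattr execute execute_no_trans };
allow mount_t proc_net_t:dir search;
allow mount_t proc_net_t:file { read getattr };
allow mount_t random_device_t:chr_file read;
allow mount_t self:process { execstack execmem getsched setrlimit };
allow mount_t self:tcp_socket { accept listen };
allow mount_t shell_exec_t:file { read execute getattr execute_no_trans };
"""

# Assumption of this example: permissions listed separately for review (they relax memory protections).
REVIEW_PERMS = {"execstack", "execmem", "execheap", "execmod"}
SET = r"(\{[^}]*\}|\w+)"  # either a single name or a { brace list }

def names(spec):
    return set(spec.strip("{} ").split())

def audit(text):
    """Return (undeclared names, memory-protection grants) for a .te snippet."""
    text = re.sub(r"#.*", "", text)  # drop comments
    block = re.search(r"require\s*\{(.*?)\n\}", text, re.S)
    body = block.group(1) if block else ""
    types = set(re.findall(r"\btype\s+(\w+)\s*;", body))
    classes = {c: names(p) for c, p in re.findall(r"\bclass\s+(\w+)\s+" + SET + r"\s*;", body)}
    undeclared, review = [], []
    for src, tgt, cls, spec in re.findall(r"\ballow\s+(\w+)\s+(\w+)\s*:\s*(\w+)\s+" + SET + r"\s*;", text):
        used = [f"type {t}" for t in (src, tgt) if t != "self" and t not in types]
        if cls not in classes:
            used.append(f"class {cls}")
        used += [f"{cls}:{p}" for p in sorted(names(spec) - classes.get(cls, names(spec)))]
        undeclared += [u for u in used if u not in undeclared]
        review += [(src, tgt, cls, p) for p in sorted(names(spec) & REVIEW_PERMS)]
    return undeclared, review
```

For the policy as posted, `audit(POLICY)` reports nothing undeclared and two grants to review: `execmem` and `execstack` on `mount_t self:process`.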


