hadoop-yarn-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Arun C Murthy (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (YARN-1253) Changes to LinuxContainerExecutor to use cgroups in unsecure mode
Date Mon, 30 Sep 2013 23:34:28 GMT

     [ https://issues.apache.org/jira/browse/YARN-1253?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Arun C Murthy updated YARN-1253:
--------------------------------

    Fix Version/s:     (was: 2.1.1-beta)

> Changes to LinuxContainerExecutor to use cgroups in unsecure mode
> -----------------------------------------------------------------
>
>                 Key: YARN-1253
>                 URL: https://issues.apache.org/jira/browse/YARN-1253
>             Project: Hadoop YARN
>          Issue Type: Bug
>          Components: nodemanager
>    Affects Versions: 2.1.0-beta
>            Reporter: Alejandro Abdelnur
>            Assignee: Roman Shaposhnik
>            Priority: Blocker
>
> When using cgroups we require LCE to be configured in the cluster to start containers.

> When LCE starts containers as the user that submitted the job. While this works correctly
in a secure setup, in an un-secure setup this presents a couple issues:
> * LCE requires all Hadoop users submitting jobs to be Unix users in all nodes
> * Because users can impersonate other users, any user would have access to any local
file of other users
> Particularly, the second issue is not desirable as a user could get access to ssh keys
of other users in the nodes or if there are NFS mounts, get to other users data outside of
the cluster.



--
This message was sent by Atlassian JIRA
(v6.1#6144)

Mime
View raw message