hadoop-yarn-issues mailing list archives

From "Vinod Kumar Vavilapalli (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (YARN-1253) Changes to LinuxContainerExecutor to use cgroups in unsecure mode
Date Tue, 01 Oct 2013 19:30:26 GMT

    [ https://issues.apache.org/jira/browse/YARN-1253?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13783247#comment-13783247 ]

Vinod Kumar Vavilapalli commented on YARN-1253:
-----------------------------------------------

[~tucu00], please change the title of this JIRA. "Changes to LinuxContainerExecutor to use
cgroups in unsecure mode" isn't a problem description. If you had started with the problem
description or your use case, we wouldn't have been arguing as much.

With that out of the way..

bq. On the security front, I see this as an improvement in compartmentalization
Like I said, the Windows folks are trying to solve the same set of issues. And as I said in
my previous comment, I am neither positive nor negative about it. Which brings us down to..

bq. If we say that today people should use LCE for cgroups in unsecure mode, then this JIRA
is a bug.
I was never a fan of putting it in LCE. We should refactor that code out to be able to use
it as a standalone library/binary (which doesn't bring in the extra baggage of user-accounts
etc.) - that's the correct fix IMO. Putting in a _local-user_ is an easy short-term solution,
but if we go down this route, I'm afraid it'll become worse and worse as more functionality
gets added.

> Changes to LinuxContainerExecutor to use cgroups in unsecure mode
> -----------------------------------------------------------------
>
>                 Key: YARN-1253
>                 URL: https://issues.apache.org/jira/browse/YARN-1253
>             Project: Hadoop YARN
>          Issue Type: New Feature
>          Components: nodemanager
>    Affects Versions: 2.1.0-beta
>            Reporter: Alejandro Abdelnur
>            Assignee: Roman Shaposhnik
>            Priority: Blocker
>
> When using cgroups we require LCE to be configured in the cluster to start containers.
>
> When LCE starts containers as the user that submitted the job. While this works correctly
> in a secure setup, in an un-secure setup this presents a couple issues:
> * LCE requires all Hadoop users submitting jobs to be Unix users in all nodes
> * Because users can impersonate other users, any user would have access to any local
>   file of other users
> Particularly, the second issue is not desirable as a user could get access to ssh keys
> of other users in the nodes or if there are NFS mounts, get to other users' data outside of
> the cluster.



--
This message was sent by Atlassian JIRA
(v6.1#6144)
