hadoop-yarn-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Remus Rusanu (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (YARN-732) YARN support for container isolation on Windows
Date Fri, 15 Nov 2013 12:19:22 GMT

    [ https://issues.apache.org/jira/browse/YARN-732?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13823595#comment-13823595
] 

Remus Rusanu commented on YARN-732:
-----------------------------------

I uploaded your diff on review board https://reviews.apache.org/r/15575/

> YARN support for container isolation on Windows
> -----------------------------------------------
>
>                 Key: YARN-732
>                 URL: https://issues.apache.org/jira/browse/YARN-732
>             Project: Hadoop YARN
>          Issue Type: New Feature
>          Components: nodemanager
>    Affects Versions: trunk-win
>            Reporter: Kyle Leckie
>              Labels: security
>             Fix For: trunk-win
>
>         Attachments: winutils.diff
>
>
> There is no ContainerExecutor on windows that can launch containers in a manner that
creates:
> 1) container isolation
> 2) container execution with reduced rights
> I am working on patches that will add the ability to launch containers in a process with
a reduced access token. 
> Update: After examining several approaches I have settled on launching the task as a
domain user. I have attached the current winutils diff which is a work in progress. 
> Work remaining:
> - Create isolated desktop for task processes.
> - Set integrity of spawned processed to low.



--
This message was sent by Atlassian JIRA
(v6.1#6144)

Mime
View raw message