hadoop-yarn-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Remus Rusanu (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (YARN-1972) Implement secure Windows Container Executor
Date Thu, 05 Jun 2014 08:40:02 GMT

    [ https://issues.apache.org/jira/browse/YARN-1972?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14018583#comment-14018583
] 

Remus Rusanu commented on YARN-1972:
------------------------------------

Tracked this down to {code}LocalizerRunner.run(){code}:
{code}
 exec.startLocalizer(nmPrivateCTokensPath, localizationServerAddress,
              context.getUser(),
              ConverterUtils.toString(
                  context.getContainerId().
                  getApplicationAttemptId().getApplicationId()),
{code}
Notice the use of application id, not attempt id when launching the localizer. I will change
this to attempt id to eliminate the possibility of duplicates.

> Implement secure Windows Container Executor
> -------------------------------------------
>
>                 Key: YARN-1972
>                 URL: https://issues.apache.org/jira/browse/YARN-1972
>             Project: Hadoop YARN
>          Issue Type: Improvement
>          Components: nodemanager
>            Reporter: Remus Rusanu
>            Assignee: Remus Rusanu
>              Labels: security, windows
>         Attachments: YARN-1972.1.patch
>
>
> This work item represents the Java side changes required to implement a secure windows
container executor, based on the YARN-1063 changes on native/winutils side. 
> Necessary changes include leveraging the winutils task createas to launch the container
process as the required user and a secure localizer (launch localization as a separate process
running as the container user).



--
This message was sent by Atlassian JIRA
(v6.2#6252)

Mime
View raw message