hadoop-yarn-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Ravi Prakash (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (YARN-2424) LCE should support non-cgroups, non-secure mode
Date Tue, 19 Aug 2014 21:27:18 GMT

    [ https://issues.apache.org/jira/browse/YARN-2424?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14102873#comment-14102873

Ravi Prakash commented on YARN-2424:

Hi Tucu! I'd brought it up only because in the earlier comment you'd said
bq. Ravi, all the config in the container-executor.cfg is EXCLUSIVELY for enforcing constraints
on the process to be launched, it does not restrict a launched JVM process from doing a System.setProperty("user.name",
"ANY") to gain access to +*HDFS*+ as user ANY (if Kerberos is ON, setting 'user.name' property
has no effect).
I'm glad we agree that YARN-1253 wasn't about protecting HDFS or YARN.

bq. it is about protecting the node at OS level by enforcing the use of a least privileged
So if we enforced the use of several least privileged users (instead of only 1), is that not
just as secure? Would you argue that with the proper use of blacklists and whitelists this
cannot be achieved?

> LCE should support non-cgroups, non-secure mode
> -----------------------------------------------
>                 Key: YARN-2424
>                 URL: https://issues.apache.org/jira/browse/YARN-2424
>             Project: Hadoop YARN
>          Issue Type: Bug
>          Components: nodemanager
>    Affects Versions: 2.3.0, 2.4.0, 2.5.0, 2.4.1
>            Reporter: Allen Wittenauer
>            Priority: Blocker
>         Attachments: YARN-2424.patch
> After YARN-1253, LCE no longer works for non-secure, non-cgroup scenarios.  This is a
fairly serious regression, as turning on LCE prior to turning on full-blown security is a
fairly standard procedure.

This message was sent by Atlassian JIRA

View raw message