hadoop-yarn-issues mailing list archives

From "Greg Phillips (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (YARN-5280) Allow YARN containers to run with Java Security Manager
Date Mon, 11 Jul 2016 20:19:11 GMT

    [ https://issues.apache.org/jira/browse/YARN-5280?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15371530#comment-15371530 ]

Greg Phillips commented on YARN-5280:
-------------------------------------

Hello [~lmccay] - Thanks for the link to the EE specification for application permission requests.
Given the range of frameworks that use YARN, there is definitely utility in creating framework-level
rulesets.  In order to prevent users from granting themselves excess permissions, this
would likely need to take the form of server-side configurations.  Thus far this effort has
entailed providing all permissions to trusted code such as core Hadoop libraries and surrounding
projects (Pig, Hive, Oozie, etc.) while limiting privileges to the user-contributed code that
performs the processing.  I would be interested to see if we could adopt a similar model for
Slider: full privileges for the core libraries while locking down the user code.  Initially
I would like to prove this feature against MapReduce and the frameworks that leverage it.
Additionally, the solution must be extensible enough so other YARN frameworks can be handled
differently by the NodeManager: either by disabling the security manager, or by providing
a different set of permissions.

In secure installations of Hadoop, the creation and management of keystores is already a necessity.
I have written some prototype utilities which streamline the process of signing Hadoop libraries.
For Pig and Hive, the dynamically created jars will need to be broken out.  I have a test
build of Pig which, instead of creating an UberJar, adds the necessary libs to tmpjars.  This
allows the libraries to maintain their signatures, and ultimately decreases the overhead of
running Pig jobs since the broken-out libraries will now be able to exist in the filecache.
If this seems like an appropriate path, I will create the subtasks for Hive and Pig.


> Allow YARN containers to run with Java Security Manager
> -------------------------------------------------------
>
>                 Key: YARN-5280
>                 URL: https://issues.apache.org/jira/browse/YARN-5280
>             Project: Hadoop YARN
>          Issue Type: New Feature
>          Components: nodemanager, yarn
>    Affects Versions: 2.6.4
>            Reporter: Greg Phillips
>            Priority: Minor
>         Attachments: YARN-5280.patch, YARNContainerSandbox.pdf
>
>
> YARN applications have the ability to perform privileged actions which have the potential
> to add instability into the cluster. The Java Security Manager can be used to prevent users
> from running privileged actions while still allowing their core data processing use cases.
>
> Introduce a YARN flag which will allow a Hadoop administrator to enable the Java Security
> Manager for user code, while still providing complete permissions to core Hadoop libraries.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
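
The trust split described in the comment above (all permissions for signed core libraries, a restricted set for user-contributed code) can be written as a standard Java policy file. This is an added illustration, not the policy from YARN-5280.patch or from the commenter; the keystore path, the alias "hadoop-libs", the policy file path and the permissions chosen for user code are constructed assumptions.

```java
// Java policy file (the syntax read by the default policy provider).
// Constructed example: keystore path, alias and permission set are
// hypothetical and are not taken from YARN-5280.patch.
//
// Assumed container launch options (standard JVM flags; the path is made up):
//   -Djava.security.manager
//   -Djava.security.policy==/etc/hadoop/conf/container.policy
// The double '=' makes this file the only policy in effect, so grants in the
// JRE default policy or in a user's ~/.java.policy are not merged in.

// Keystore holding the certificate that the "signedBy" alias refers to.
keystore "file:///etc/hadoop/conf/hadoop-signing.jks", "JKS";

// Trusted code: any jar whose classes are signed by the cluster's key.
// An uber jar that repackages these classes no longer carries the signature
// and falls through to the restricted grant below, which is why the comment
// proposes shipping the Pig and Hive libraries as separate signed jars.
grant signedBy "hadoop-libs" {
    permission java.security.AllPermission;
};

// Everything else, including user-contributed job code.
// A grant with no signedBy or codeBase applies to all code, so keep it
// to what a task needs. This set is a constructed minimum, not a vetted one.
grant {
    // Read JVM and job properties, but do not modify them.
    permission java.util.PropertyPermission "*", "read";
    // Scratch space limited to the container working directory and below.
    permission java.io.FilePermission "${user.dir}${/}-", "read,write,delete";
};

// Deliberately absent from the user grant: exec (FilePermission "execute"),
// RuntimePermission "setSecurityManager", "exitVM" and "createClassLoader",
// and SocketPermission. Any of these would let user code step outside the
// sandbox or disturb the NodeManager host.
```

A permission check succeeds only if every protection domain on the call stack holds the permission, so signed library code that performs a privileged operation on behalf of user code (for example opening a connection to a cluster service) must wrap it in `AccessController.doPrivileged`.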