hadoop-yarn-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Varun Vasudev (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (YARN-5280) Allow YARN containers to run with Java Security Manager
Date Tue, 15 Nov 2016 06:45:58 GMT

    [ https://issues.apache.org/jira/browse/YARN-5280?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15666292#comment-15666292
] 

Varun Vasudev commented on YARN-5280:
-------------------------------------

Thanks for the explanation [~sidharta-s]. [~gphillips] - do you think you can move all the
functionality of prepareContainer into launchContainer and then call super.launchContainer
in JavaSandboxLinuxContainerRuntime? The benefits are - 
1) You won't be affected if/when we do get round to figuring out where to call prepareContainer.

2) The environment will also be available to you as part of the ContainerStartContext.
3) Modifying the launch command is more natural in launchContainer than prepareContainer

A question about the policy file - do you think this is something that end users should be
able to view to help debug applications?

My suggestion is to not use the hadoop tmp dir for the policy file but instead use the container
private directory. You can add the container private directory to the ContainerStartContext
in ContainerLaunch#call and ContainerRelaunch#call. That way -
1) You don't need to worry about the hadoop tmp dir running out of space(which we've seen
in a few cases)
2) The policy file will be cleaned up for you by YARN and you can get rid of the reapContainer
functionality you have.
3) You can also potentially re-use the same policy file across container restarts instead
of creating a temporary file every time, since container private directories are only for
the container.

With regards to the patch you have which resolves the testing errors and removes the use of
YARN queues - please include those changes in the next patch. Once we have the runtime support
in, we can add support in MR and distributed shell for the feature.

> Allow YARN containers to run with Java Security Manager
> -------------------------------------------------------
>
>                 Key: YARN-5280
>                 URL: https://issues.apache.org/jira/browse/YARN-5280
>             Project: Hadoop YARN
>          Issue Type: New Feature
>          Components: nodemanager, yarn
>    Affects Versions: 2.6.4
>            Reporter: Greg Phillips
>            Assignee: Greg Phillips
>            Priority: Minor
>              Labels: oct16-medium
>         Attachments: YARN-5280.001.patch, YARN-5280.002.patch, YARN-5280.003.patch, YARN-5280.004.patch,
YARN-5280.patch, YARNContainerSandbox.pdf
>
>
> YARN applications have the ability to perform privileged actions which have the potential
to add instability into the cluster. The Java Security Manager can be used to prevent users
from running privileged actions while still allowing their core data processing use cases.

> Introduce a YARN flag which will allow a Hadoop administrator to enable the Java Security
Manager for user code, while still providing complete permissions to core Hadoop libraries.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: yarn-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: yarn-issues-help@hadoop.apache.org


Mime
View raw message