hadoop-yarn-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Greg Phillips (JIRA)" <j...@apache.org>
Subject [jira] [Comment Edited] (YARN-5280) Allow YARN containers to run with Java Security Manager
Date Mon, 27 Feb 2017 16:16:45 GMT

    [ https://issues.apache.org/jira/browse/YARN-5280?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15885969#comment-15885969
] 

Greg Phillips edited comment on YARN-5280 at 2/27/17 4:16 PM:
--------------------------------------------------------------

[~vvasudev] Thanks for reviewing the patch.  The ContainerRuntimeContext is used across all
methods in the ContainerRuntime interface:
{code:title=ContainerRuntime.java}
  void prepareContainer(ContainerRuntimeContext ctx)
      throws ContainerExecutionException;
  void launchContainer(ContainerRuntimeContext ctx)
      throws ContainerExecutionException;
  void signalContainer(ContainerRuntimeContext ctx)
      throws ContainerExecutionException;
  void reapContainer(ContainerRuntimeContext ctx)
      throws ContainerExecutionException;
{code}
The goal was to conform to the existing ContainerRuntime interface, though it definitely could
make sense to merge the various Context's in a separate ticket.


was (Author: gphillips):
[~vvasudev] Thanks for reviewing the patch.  The ContainerRuntimeContext is used across all
methods in the ContainerRuntime interface:
{code:title=ContainerRuntime.java}
  void prepareContainer(ContainerRuntimeContext ctx)
      throws ContainerExecutionException;
  void launchContainer(ContainerRuntimeContext ctx)
      throws ContainerExecutionException;
  void signalContainer(ContainerRuntimeContext ctx)
      throws ContainerExecutionException;
  void reapContainer(ContainerRuntimeContext ctx)
      throws ContainerExecutionException;
{code}
The goal was to conform to the existing ContainerRuntime interface, though it definitely could
make sense to merge the various Context's in a separate patch.

> Allow YARN containers to run with Java Security Manager
> -------------------------------------------------------
>
>                 Key: YARN-5280
>                 URL: https://issues.apache.org/jira/browse/YARN-5280
>             Project: Hadoop YARN
>          Issue Type: New Feature
>          Components: nodemanager, yarn
>    Affects Versions: 2.6.4
>            Reporter: Greg Phillips
>            Assignee: Greg Phillips
>            Priority: Minor
>              Labels: oct16-medium
>         Attachments: YARN-5280.001.patch, YARN-5280.002.patch, YARN-5280.003.patch, YARN-5280.004.patch,
YARN-5280.005.patch, YARN-5280.006.patch, YARN-5280.007.patch, YARN-5280.008.patch, YARN-5280.patch,
YARNContainerSandbox.pdf
>
>
> YARN applications have the ability to perform privileged actions which have the potential
to add instability into the cluster. The Java Security Manager can be used to prevent users
from running privileged actions while still allowing their core data processing use cases.

> Introduce a YARN flag which will allow a Hadoop administrator to enable the Java Security
Manager for user code, while still providing complete permissions to core Hadoop libraries.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

---------------------------------------------------------------------
To unsubscribe, e-mail: yarn-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: yarn-issues-help@hadoop.apache.org


Mime
View raw message