Date: Mon, 27 Feb 2017 16:16:45 +0000 (UTC)
From: "Greg Phillips (JIRA)"
To: yarn-issues@hadoop.apache.org
Subject: [jira] [Comment Edited] (YARN-5280) Allow YARN containers to run with Java Security Manager

    [ https://issues.apache.org/jira/browse/YARN-5280?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15885969#comment-15885969 ]

Greg Phillips edited comment on YARN-5280 at 2/27/17 4:16 PM:
--------------------------------------------------------------

[~vvasudev] Thanks for reviewing the patch. The ContainerRuntimeContext is used across all methods in the ContainerRuntime interface:
{code:title=ContainerRuntime.java}
  void prepareContainer(ContainerRuntimeContext ctx)
      throws ContainerExecutionException;
  void launchContainer(ContainerRuntimeContext ctx)
      throws ContainerExecutionException;
  void signalContainer(ContainerRuntimeContext ctx)
      throws ContainerExecutionException;
  void reapContainer(ContainerRuntimeContext ctx)
      throws ContainerExecutionException;
{code}
The goal was to conform to the existing ContainerRuntime interface, though it definitely could make sense to merge the various Contexts in a separate ticket.

was (Author: gphillips):
[~vvasudev] Thanks for reviewing the patch.
The ContainerRuntimeContext is used across all methods in the ContainerRuntime interface:
{code:title=ContainerRuntime.java}
  void prepareContainer(ContainerRuntimeContext ctx)
      throws ContainerExecutionException;
  void launchContainer(ContainerRuntimeContext ctx)
      throws ContainerExecutionException;
  void signalContainer(ContainerRuntimeContext ctx)
      throws ContainerExecutionException;
  void reapContainer(ContainerRuntimeContext ctx)
      throws ContainerExecutionException;
{code}
The goal was to conform to the existing ContainerRuntime interface, though it definitely could make sense to merge the various Contexts in a separate patch.

> Allow YARN containers to run with Java Security Manager
> -------------------------------------------------------
>
>                 Key: YARN-5280
>                 URL: https://issues.apache.org/jira/browse/YARN-5280
>             Project: Hadoop YARN
>          Issue Type: New Feature
>          Components: nodemanager, yarn
>    Affects Versions: 2.6.4
>            Reporter: Greg Phillips
>            Assignee: Greg Phillips
>            Priority: Minor
>              Labels: oct16-medium
>         Attachments: YARN-5280.001.patch, YARN-5280.002.patch, YARN-5280.003.patch, YARN-5280.004.patch, YARN-5280.005.patch, YARN-5280.006.patch, YARN-5280.007.patch, YARN-5280.008.patch, YARN-5280.patch, YARNContainerSandbox.pdf
>
>
> YARN applications have the ability to perform privileged actions which have the potential to add instability into the cluster. The Java Security Manager can be used to prevent users from running privileged actions while still allowing their core data processing use cases.
> Introduce a YARN flag which will allow a Hadoop administrator to enable the Java Security Manager for user code, while still providing complete permissions to core Hadoop libraries.
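
The split the issue description asks for (complete permissions for core Hadoop libraries, restricted permissions for user code) can be expressed as a Java policy file. The following is an added example in standard policy-file syntax, not taken from the YARN-5280 patches; the Hadoop install path, the NodeManager local directory and the particular permissions granted to user code are assumptions.

```java
// container.policy -- constructed example, not the policy shipped with YARN-5280.
// Assumed paths: Hadoop installed under /opt/hadoop, NodeManager local dirs
// under /data/yarn/local. Adjust both to the cluster layout.
//
// A container JVM would be started with (standard JVM options):
//   -Djava.security.manager -Djava.security.policy==/etc/hadoop/container.policy
// The double '=' makes this file the only policy in effect, so grants in the
// JRE's default java.policy are not merged in.

// Core Hadoop libraries: complete permissions.
// A trailing "/-" matches every class and JAR under the directory, recursively.
grant codeBase "file:/opt/hadoop/share/hadoop/-" {
    permission java.security.AllPermission;
};

// Every code source, which is the only grant that reaches user JARs localized
// into the container. Grants are additive; anything not listed is denied.
grant {
    // Read and write only inside the container's localized directories.
    permission java.io.FilePermission "/data/yarn/local/usercache/-", "read,write,delete";

    // Read-only view of system properties.
    permission java.util.PropertyPermission "*", "read";

    // Outbound connections to unprivileged ports (for example, cluster RPC).
    permission java.net.SocketPermission "*:1024-", "connect,resolve";

    // Deliberately absent, and therefore denied to user code:
    //   java.io.FilePermission "<<ALL FILES>>", "execute"   (spawning processes)
    //   java.lang.RuntimePermission "exitVM"                (System.exit)
    //   java.lang.RuntimePermission "setSecurityManager"    (removing the sandbox)
    //   java.lang.RuntimePermission "createClassLoader"     (custom class loaders)
    //   java.lang.reflect.ReflectPermission "suppressAccessChecks"
};
```

A permission check passes only if every protection domain on the call stack holds the permission, so Hadoop code called from user code exercises its full grant only inside `AccessController.doPrivileged`.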