Return-Path: <yarn-issues-return-107710-archive-asf-public=cust-asf.ponee.io@hadoop.apache.org>
X-Original-To: archive-asf-public-internal@cust-asf2.ponee.io
Delivered-To: archive-asf-public-internal@cust-asf2.ponee.io
Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183])
	by cust-asf2.ponee.io (Postfix) with ESMTP id 274A0200C1B
	for <archive-asf-public-internal@cust-asf2.ponee.io>; Tue, 14 Feb 2017 22:26:47 +0100 (CET)
Received: by cust-asf.ponee.io (Postfix)
	id 25E60160B5F; Tue, 14 Feb 2017 21:26:47 +0000 (UTC)
Delivered-To: archive-asf-public@cust-asf.ponee.io
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by cust-asf.ponee.io (Postfix) with SMTP id 6F05E160B45
	for <archive-asf-public@cust-asf.ponee.io>; Tue, 14 Feb 2017 22:26:46 +0100 (CET)
Received: (qmail 15912 invoked by uid 500); 14 Feb 2017 21:26:45 -0000
Mailing-List: contact yarn-issues-help@hadoop.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:yarn-issues-help@hadoop.apache.org>
List-Unsubscribe: <mailto:yarn-issues-unsubscribe@hadoop.apache.org>
List-Post: <mailto:yarn-issues@hadoop.apache.org>
List-Id: <yarn-issues.hadoop.apache.org>
Delivered-To: mailing list yarn-issues@hadoop.apache.org
Received: (qmail 15901 invoked by uid 99); 14 Feb 2017 21:26:45 -0000
Received: from pnap-us-west-generic-nat.apache.org (HELO spamd4-us-west.apache.org) (209.188.14.142)
    by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 14 Feb 2017 21:26:45 +0000
Received: from localhost (localhost [127.0.0.1])
	by spamd4-us-west.apache.org (ASF Mail Server at spamd4-us-west.apache.org) with ESMTP id 2A218C0D33
	for <yarn-issues@hadoop.apache.org>; Tue, 14 Feb 2017 21:26:45 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at spamd4-us-west.apache.org
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level: 
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=6.31
	tests=[KAM_LAZY_DOMAIN_SECURITY=1, RP_MATCHES_RCVD=-2.999]
	autolearn=disabled
Received: from mx1-lw-us.apache.org ([10.40.0.8])
	by localhost (spamd4-us-west.apache.org [10.40.0.11]) (amavisd-new, port 10024)
	with ESMTP id DIVeLCD6pXpw for <yarn-issues@hadoop.apache.org>;
	Tue, 14 Feb 2017 21:26:44 +0000 (UTC)
Received: from mailrelay1-us-west.apache.org (mailrelay1-us-west.apache.org [209.188.14.139])
	by mx1-lw-us.apache.org (ASF Mail Server at mx1-lw-us.apache.org) with ESMTP id 1D5285FAFB
	for <yarn-issues@hadoop.apache.org>; Tue, 14 Feb 2017 21:26:44 +0000 (UTC)
Received: from jira-lw-us.apache.org (unknown [207.244.88.139])
	by mailrelay1-us-west.apache.org (ASF Mail Server at mailrelay1-us-west.apache.org) with ESMTP id EC4B2E07D3
	for <yarn-issues@hadoop.apache.org>; Tue, 14 Feb 2017 21:26:42 +0000 (UTC)
Received: from jira-lw-us.apache.org (localhost [127.0.0.1])
	by jira-lw-us.apache.org (ASF Mail Server at jira-lw-us.apache.org) with ESMTP id 23C3A2413C
	for <yarn-issues@hadoop.apache.org>; Tue, 14 Feb 2017 21:26:42 +0000 (UTC)
Date: Tue, 14 Feb 2017 21:26:42 +0000 (UTC)
From: "Greg Phillips (JIRA)" <jira@apache.org>
To: yarn-issues@hadoop.apache.org
Message-ID: <JIRA.12981320.1466509660000.80357.1487107602144@Atlassian.JIRA>
In-Reply-To: <JIRA.12981320.1466509660000@Atlassian.JIRA>
References: <JIRA.12981320.1466509660000@Atlassian.JIRA> <JIRA.12981320.1466509660869@jira-lw-us.apache.org>
Subject: [jira] [Commented] (YARN-5280) Allow YARN containers to run with
 Java Security Manager
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394
archived-at: Tue, 14 Feb 2017 21:26:47 -0000


    [ https://issues.apache.org/jira/browse/YARN-5280?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15866716#comment-15866716 ] 

Greg Phillips commented on YARN-5280:
-------------------------------------

[~rkanter] - From your previous note it became clear simply limiting the container to execute something called 'java' is inherently insecure.  This patch ensures the java executable used to run the NodeManager is also used for the container.  If a different version of Java or even a shell script named 'java' is provided an exception will be thrown in enforcing mode, or a warning will be logged in permissive mode.

> Allow YARN containers to run with Java Security Manager
> -------------------------------------------------------
>
>                 Key: YARN-5280
>                 URL: https://issues.apache.org/jira/browse/YARN-5280
>             Project: Hadoop YARN
>          Issue Type: New Feature
>          Components: nodemanager, yarn
>    Affects Versions: 2.6.4
>            Reporter: Greg Phillips
>            Assignee: Greg Phillips
>            Priority: Minor
>              Labels: oct16-medium
>         Attachments: YARN-5280.001.patch, YARN-5280.002.patch, YARN-5280.003.patch, YARN-5280.004.patch, YARN-5280.005.patch, YARN-5280.006.patch, YARN-5280.007.patch, YARN-5280.008.patch, YARN-5280.patch, YARNContainerSandbox.pdf
>
>
> YARN applications have the ability to perform privileged actions which have the potential to add instability into the cluster. The Java Security Manager can be used to prevent users from running privileged actions while still allowing their core data processing use cases. 
> Introduce a YARN flag which will allow a Hadoop administrator to enable the Java Security Manager for user code, while still providing complete permissions to core Hadoop libraries.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

---------------------------------------------------------------------
To unsubscribe, e-mail: yarn-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: yarn-issues-help@hadoop.apache.org