Return-Path: <yarn-issues-return-109026-archive-asf-public=cust-asf.ponee.io@hadoop.apache.org>
X-Original-To: archive-asf-public-internal@cust-asf2.ponee.io
Delivered-To: archive-asf-public-internal@cust-asf2.ponee.io
Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183])
	by cust-asf2.ponee.io (Postfix) with ESMTP id 5B08D200C4E
	for <archive-asf-public-internal@cust-asf2.ponee.io>; Thu,  2 Mar 2017 03:13:52 +0100 (CET)
Received: by cust-asf.ponee.io (Postfix)
	id 598E1160B70; Thu,  2 Mar 2017 02:13:52 +0000 (UTC)
Delivered-To: archive-asf-public@cust-asf.ponee.io
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by cust-asf.ponee.io (Postfix) with SMTP id AB106160B78
	for <archive-asf-public@cust-asf.ponee.io>; Thu,  2 Mar 2017 03:13:51 +0100 (CET)
Received: (qmail 26780 invoked by uid 500); 2 Mar 2017 02:13:50 -0000
Mailing-List: contact yarn-issues-help@hadoop.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:yarn-issues-help@hadoop.apache.org>
List-Unsubscribe: <mailto:yarn-issues-unsubscribe@hadoop.apache.org>
List-Post: <mailto:yarn-issues@hadoop.apache.org>
List-Id: <yarn-issues.hadoop.apache.org>
Delivered-To: mailing list yarn-issues@hadoop.apache.org
Received: (qmail 26709 invoked by uid 99); 2 Mar 2017 02:13:50 -0000
Received: from pnap-us-west-generic-nat.apache.org (HELO spamd3-us-west.apache.org) (209.188.14.142)
    by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 02 Mar 2017 02:13:50 +0000
Received: from localhost (localhost [127.0.0.1])
	by spamd3-us-west.apache.org (ASF Mail Server at spamd3-us-west.apache.org) with ESMTP id 2C0C018C468
	for <yarn-issues@hadoop.apache.org>; Thu,  2 Mar 2017 02:13:50 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at spamd3-us-west.apache.org
X-Spam-Flag: NO
X-Spam-Score: -2.347
X-Spam-Level: 
X-Spam-Status: No, score=-2.347 tagged_above=-999 required=6.31
	tests=[RP_MATCHES_RCVD=-2.999, SPF_NEUTRAL=0.652] autolearn=disabled
Received: from mx1-lw-us.apache.org ([10.40.0.8])
	by localhost (spamd3-us-west.apache.org [10.40.0.10]) (amavisd-new, port 10024)
	with ESMTP id 9xlTrUXQwqOz for <yarn-issues@hadoop.apache.org>;
	Thu,  2 Mar 2017 02:13:49 +0000 (UTC)
Received: from mailrelay1-us-west.apache.org (mailrelay1-us-west.apache.org [209.188.14.139])
	by mx1-lw-us.apache.org (ASF Mail Server at mx1-lw-us.apache.org) with ESMTP id 63F3F61F00
	for <yarn-issues@hadoop.apache.org>; Thu,  2 Mar 2017 02:13:48 +0000 (UTC)
Received: from jira-lw-us.apache.org (unknown [207.244.88.139])
	by mailrelay1-us-west.apache.org (ASF Mail Server at mailrelay1-us-west.apache.org) with ESMTP id B6D89E0A4B
	for <yarn-issues@hadoop.apache.org>; Thu,  2 Mar 2017 02:13:46 +0000 (UTC)
Received: from jira-lw-us.apache.org (localhost [127.0.0.1])
	by jira-lw-us.apache.org (ASF Mail Server at jira-lw-us.apache.org) with ESMTP id 965532417E
	for <yarn-issues@hadoop.apache.org>; Thu,  2 Mar 2017 02:13:45 +0000 (UTC)
Date: Thu, 2 Mar 2017 02:13:45 +0000 (UTC)
From: "Hudson (JIRA)" <jira@apache.org>
To: yarn-issues@hadoop.apache.org
Message-ID: <JIRA.12981320.1466509660000.38286.1488420825613@Atlassian.JIRA>
In-Reply-To: <JIRA.12981320.1466509660000@Atlassian.JIRA>
References: <JIRA.12981320.1466509660000@Atlassian.JIRA> <JIRA.12981320.1466509660869@jira-lw-us.apache.org>
Subject: [jira] [Commented] (YARN-5280) Allow YARN containers to run with
 Java Security Manager
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394
archived-at: Thu, 02 Mar 2017 02:13:52 -0000


    [ https://issues.apache.org/jira/browse/YARN-5280?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15891486#comment-15891486 ] 

Hudson commented on YARN-5280:
------------------------------

SUCCESS: Integrated in Jenkins build Hadoop-trunk-Commit #11328 (See [https://builds.apache.org/job/Hadoop-trunk-Commit/11328/])
YARN-5280. Allow YARN containers to run with Java Security Manager (rkanter: rev 6f6dfe0202249c129b36edfd145a2224140139cc)
* (edit) hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/containermanager/launcher/ContainerLaunch.java
* (edit) hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/LinuxContainerExecutor.java
* (edit) hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common/src/main/resources/yarn-default.xml
* (edit) hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/containermanager/linux/runtime/LinuxContainerRuntimeConstants.java
* (add) hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/containermanager/linux/runtime/JavaSandboxLinuxContainerRuntime.java
* (edit) hadoop-yarn-project/hadoop-yarn/hadoop-yarn-api/src/main/java/org/apache/hadoop/yarn/conf/YarnConfiguration.java
* (add) hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/test/java/org/apache/hadoop/yarn/server/nodemanager/containermanager/linux/runtime/TestJavaSandboxLinuxContainerRuntime.java
* (edit) hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/containermanager/linux/runtime/DelegatingLinuxContainerRuntime.java
* (add) hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/executor/ContainerPrepareContext.java
* (add) hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/resources/java.policy
* (edit) hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/ContainerExecutor.java


> Allow YARN containers to run with Java Security Manager
> -------------------------------------------------------
>
>                 Key: YARN-5280
>                 URL: https://issues.apache.org/jira/browse/YARN-5280
>             Project: Hadoop YARN
>          Issue Type: New Feature
>          Components: nodemanager, yarn
>    Affects Versions: 2.6.4
>            Reporter: Greg Phillips
>            Assignee: Greg Phillips
>            Priority: Minor
>              Labels: oct16-medium
>             Fix For: 3.0.0-alpha3
>
>         Attachments: YARN-5280.001.patch, YARN-5280.002.patch, YARN-5280.003.patch, YARN-5280.004.patch, YARN-5280.005.patch, YARN-5280.006.patch, YARN-5280.007.patch, YARN-5280.008.patch, YARN-5280.patch, YARNContainerSandbox.pdf
>
>
> YARN applications have the ability to perform privileged actions which have the potential to add instability into the cluster. The Java Security Manager can be used to prevent users from running privileged actions while still allowing their core data processing use cases. 
> Introduce a YARN flag which will allow a Hadoop administrator to enable the Java Security Manager for user code, while still providing complete permissions to core Hadoop libraries.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

---------------------------------------------------------------------
To unsubscribe, e-mail: yarn-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: yarn-issues-help@hadoop.apache.org