hadoop-yarn-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Eric Yang (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (YARN-8838) Add security check for container user is same as websocket user
Date Wed, 31 Oct 2018 16:35:00 GMT

     [ https://issues.apache.org/jira/browse/YARN-8838?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Eric Yang updated YARN-8838:
----------------------------
    Attachment: YARN-8838.003.patch

> Add security check for container user is same as websocket user
> ---------------------------------------------------------------
>
>                 Key: YARN-8838
>                 URL: https://issues.apache.org/jira/browse/YARN-8838
>             Project: Hadoop YARN
>          Issue Type: Sub-task
>          Components: nodemanager
>            Reporter: Eric Yang
>            Assignee: Eric Yang
>            Priority: Major
>              Labels: docker
>         Attachments: YARN-8838.001.patch, YARN-8838.002.patch, YARN-8838.003.patch
>
>
> When user is authenticate via SPNEGO entry point, node manager must verify the remote
user is the same as the container user to start the web socket session.  One possible solution
is to verify the web request user matches yarn container local directory owne during onWebSocketConnect..



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: yarn-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: yarn-issues-help@hadoop.apache.org


Mime
View raw message