[
https://issues.apache.org/jira/browse/HDFS-6705?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Charles Lamb updated HDFS-6705:
-------------------------------
Attachment: HDFS-6705.007.patch
bq. I see getXAttrs and unprotectedGetXAttrs in this patch; is this change
supposed to be here?
Yes. This is in response to your previous comment "We're still doing another
path resolution to do checkUnreadableBySuperuser. Can we try to reuse the inode
from the IIP just below? This would also let us avoid throwing IOException in
the check method."
bq. Would still prefer if in the test, special1 was renamed to something else
like security1
Oh sorry. When you said "Mention of "special" xattr is non-specific, could we
say "unreadable by superuser" or "UBS" or something instead?" I thought you
were only referring to the comments. Anyway, I've changed it from special1 to
security1.
> Create an XAttr that disallows the HDFS admin from accessing a file
> -------------------------------------------------------------------
>
> Key: HDFS-6705
> URL: https://issues.apache.org/jira/browse/HDFS-6705
> Project: Hadoop HDFS
> Issue Type: Sub-task
> Components: namenode, security
> Affects Versions: 3.0.0
> Reporter: Charles Lamb
> Assignee: Charles Lamb
> Attachments: HDFS-6705.001.patch, HDFS-6705.002.patch,
> HDFS-6705.003.patch, HDFS-6705.004.patch, HDFS-6705.005.patch,
> HDFS-6705.006.patch, HDFS-6705.007.patch
>
>
> There needs to be an xattr that specifies that the HDFS admin can not access
> a file. This is needed for m/r delegation tokens and data at rest encryption.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
