[jira] [Created] (YARN-11066) Flexible AQC doesn't check the Queue ACLs when submitting apps
Tamas Domok created YARN-11066: -- Summary: Flexible AQC doesn't check the Queue ACLs when submitting apps Key: YARN-11066 URL: https://issues.apache.org/jira/browse/YARN-11066 Project: Hadoop YARN Issue Type: Bug Components: capacityscheduler, yarn Affects Versions: 3.4.0 Reporter: Tamas Domok Assignee: Tamas Domok Attachments: capacity-scheduler.xml Reproduction steps: 1. Use the attached configuration: [^capacity-scheduler.xml] 2. Enable *yarn.acl.enable* in yarn-site.xml. 3. Try to submit an application with any user other than *user1, user2, user3*. {code} yarn jar hadoop-mapreduce-examples-3.4.0-SNAPSHOT.jar pi 1 10 {code} The *first* app submission will succeed with *someuser:somegroup* the *root.parent.somegroup.someuser* queue will be created. When the *root.parent.somegroup* dynamic parent queue already exists then the ACLs in *root.parent* will be checked and the *someuser* won't be able to submit an another app. But queues are deleted automatically, so this is a serious security issue. This issue doesn't happen when dynamic parent queue is not created just a dynamic leaf queue. Another inconsistency is that the ACLs configured with templates works on dynamic leaf queues, but not when there is a dynamic parent queue too. -- This message was sent by Atlassian Jira (v8.20.1#820001) - To unsubscribe, e-mail: yarn-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: yarn-issues-h...@hadoop.apache.org
[jira] [Updated] (YARN-11065) Bump follow-redirects from 1.13.3 to 1.14.7 in hadoop-yarn-ui
[ https://issues.apache.org/jira/browse/YARN-11065?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Akira Ajisaka updated YARN-11065: - Fix Version/s: 3.3.3 Backported to branch-3.3. > Bump follow-redirects from 1.13.3 to 1.14.7 in hadoop-yarn-ui > - > > Key: YARN-11065 > URL: https://issues.apache.org/jira/browse/YARN-11065 > Project: Hadoop YARN > Issue Type: Bug > Components: yarn-ui-v2 >Reporter: Akira Ajisaka >Priority: Major > Labels: pull-request-available > Fix For: 3.4.0, 3.3.3 > > Time Spent: 10m > Remaining Estimate: 0h > > Upgrade follow-redirects from 1.13.3 to 1.14.7 in hadoop-yarn-ui. -- This message was sent by Atlassian Jira (v8.20.1#820001) - To unsubscribe, e-mail: yarn-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: yarn-issues-h...@hadoop.apache.org
[jira] [Resolved] (YARN-11065) Bump follow-redirects from 1.13.3 to 1.14.7 in hadoop-yarn-ui
[ https://issues.apache.org/jira/browse/YARN-11065?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Akira Ajisaka resolved YARN-11065. -- Fix Version/s: 3.4.0 Resolution: Fixed > Bump follow-redirects from 1.13.3 to 1.14.7 in hadoop-yarn-ui > - > > Key: YARN-11065 > URL: https://issues.apache.org/jira/browse/YARN-11065 > Project: Hadoop YARN > Issue Type: Bug > Components: yarn-ui-v2 >Reporter: Akira Ajisaka >Priority: Major > Labels: pull-request-available > Fix For: 3.4.0 > > Time Spent: 10m > Remaining Estimate: 0h > > Upgrade follow-redirects from 1.13.3 to 1.14.7 in hadoop-yarn-ui. -- This message was sent by Atlassian Jira (v8.20.1#820001) - To unsubscribe, e-mail: yarn-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: yarn-issues-h...@hadoop.apache.org
[jira] [Commented] (YARN-11065) Bump follow-redirects from 1.13.3 to 1.14.7 in hadoop-yarn-ui
[ https://issues.apache.org/jira/browse/YARN-11065?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17479336#comment-17479336 ] Akira Ajisaka commented on YARN-11065: -- Merged [https://github.com/apache/hadoop/pull/3890] into trunk. The PR is created by dependabot, so let the assignee empty. > Bump follow-redirects from 1.13.3 to 1.14.7 in hadoop-yarn-ui > - > > Key: YARN-11065 > URL: https://issues.apache.org/jira/browse/YARN-11065 > Project: Hadoop YARN > Issue Type: Bug > Components: yarn-ui-v2 >Reporter: Akira Ajisaka >Priority: Major > Labels: pull-request-available > Time Spent: 10m > Remaining Estimate: 0h > > Upgrade follow-redirects from 1.13.3 to 1.14.7 in hadoop-yarn-ui. -- This message was sent by Atlassian Jira (v8.20.1#820001) - To unsubscribe, e-mail: yarn-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: yarn-issues-h...@hadoop.apache.org
[jira] [Updated] (YARN-11065) Bump follow-redirects from 1.13.3 to 1.14.7 in hadoop-yarn-ui
[ https://issues.apache.org/jira/browse/YARN-11065?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] ASF GitHub Bot updated YARN-11065: -- Labels: pull-request-available (was: ) > Bump follow-redirects from 1.13.3 to 1.14.7 in hadoop-yarn-ui > - > > Key: YARN-11065 > URL: https://issues.apache.org/jira/browse/YARN-11065 > Project: Hadoop YARN > Issue Type: Bug > Components: yarn-ui-v2 >Reporter: Akira Ajisaka >Priority: Major > Labels: pull-request-available > Time Spent: 10m > Remaining Estimate: 0h > > Upgrade follow-redirects from 1.13.3 to 1.14.7 in hadoop-yarn-ui. -- This message was sent by Atlassian Jira (v8.20.1#820001) - To unsubscribe, e-mail: yarn-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: yarn-issues-h...@hadoop.apache.org
[jira] [Created] (YARN-11065) Bump follow-redirects from 1.13.3 to 1.14.7 in hadoop-yarn-ui
Akira Ajisaka created YARN-11065: Summary: Bump follow-redirects from 1.13.3 to 1.14.7 in hadoop-yarn-ui Key: YARN-11065 URL: https://issues.apache.org/jira/browse/YARN-11065 Project: Hadoop YARN Issue Type: Bug Components: yarn-ui-v2 Reporter: Akira Ajisaka Upgrade follow-redirects from 1.13.3 to 1.14.7 in hadoop-yarn-ui. -- This message was sent by Atlassian Jira (v8.20.1#820001) - To unsubscribe, e-mail: yarn-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: yarn-issues-h...@hadoop.apache.org