[jira] [Created] (YARN-11066) Flexible AQC doesn't check the Queue ACLs when submitting apps
Tamas Domok created YARN-11066:
--
Summary: Flexible AQC doesn't check the Queue ACLs when submitting
apps
Key: YARN-11066
URL: https://issues.apache.org/jira/browse/YARN-11066
Project: Hadoop YARN
Issue Type: Bug
Components: capacityscheduler, yarn
Affects Versions: 3.4.0
Reporter: Tamas Domok
Assignee: Tamas Domok
Attachments: capacity-scheduler.xml
Reproduction steps:
1. Use the attached configuration: [^capacity-scheduler.xml]
2. Enable *yarn.acl.enable* in yarn-site.xml.
3. Try to submit an application with any user other than *user1, user2, user3*.
{code}
yarn jar hadoop-mapreduce-examples-3.4.0-SNAPSHOT.jar pi 1 10
{code}
The *first* app submission will succeed with *someuser:somegroup* the
*root.parent.somegroup.someuser* queue will be created. When the
*root.parent.somegroup* dynamic parent queue already exists then the ACLs in
*root.parent* will be checked and the *someuser* won't be able to submit an
another app. But queues are deleted automatically, so this is a serious
security issue.
This issue doesn't happen when dynamic parent queue is not created just a
dynamic leaf queue.
Another inconsistency is that the ACLs configured with templates works on
dynamic leaf queues, but not when there is a dynamic parent queue too.
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
-
To unsubscribe, e-mail: yarn-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: yarn-issues-h...@hadoop.apache.org
[jira] [Updated] (YARN-11065) Bump follow-redirects from 1.13.3 to 1.14.7 in hadoop-yarn-ui
[ https://issues.apache.org/jira/browse/YARN-11065?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Akira Ajisaka updated YARN-11065: - Fix Version/s: 3.3.3 Backported to branch-3.3. > Bump follow-redirects from 1.13.3 to 1.14.7 in hadoop-yarn-ui > - > > Key: YARN-11065 > URL: https://issues.apache.org/jira/browse/YARN-11065 > Project: Hadoop YARN > Issue Type: Bug > Components: yarn-ui-v2 >Reporter: Akira Ajisaka >Priority: Major > Labels: pull-request-available > Fix For: 3.4.0, 3.3.3 > > Time Spent: 10m > Remaining Estimate: 0h > > Upgrade follow-redirects from 1.13.3 to 1.14.7 in hadoop-yarn-ui. -- This message was sent by Atlassian Jira (v8.20.1#820001) - To unsubscribe, e-mail: yarn-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: yarn-issues-h...@hadoop.apache.org
[jira] [Resolved] (YARN-11065) Bump follow-redirects from 1.13.3 to 1.14.7 in hadoop-yarn-ui
[ https://issues.apache.org/jira/browse/YARN-11065?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Akira Ajisaka resolved YARN-11065. -- Fix Version/s: 3.4.0 Resolution: Fixed > Bump follow-redirects from 1.13.3 to 1.14.7 in hadoop-yarn-ui > - > > Key: YARN-11065 > URL: https://issues.apache.org/jira/browse/YARN-11065 > Project: Hadoop YARN > Issue Type: Bug > Components: yarn-ui-v2 >Reporter: Akira Ajisaka >Priority: Major > Labels: pull-request-available > Fix For: 3.4.0 > > Time Spent: 10m > Remaining Estimate: 0h > > Upgrade follow-redirects from 1.13.3 to 1.14.7 in hadoop-yarn-ui. -- This message was sent by Atlassian Jira (v8.20.1#820001) - To unsubscribe, e-mail: yarn-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: yarn-issues-h...@hadoop.apache.org
[jira] [Commented] (YARN-11065) Bump follow-redirects from 1.13.3 to 1.14.7 in hadoop-yarn-ui
[ https://issues.apache.org/jira/browse/YARN-11065?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17479336#comment-17479336 ] Akira Ajisaka commented on YARN-11065: -- Merged [https://github.com/apache/hadoop/pull/3890] into trunk. The PR is created by dependabot, so let the assignee empty. > Bump follow-redirects from 1.13.3 to 1.14.7 in hadoop-yarn-ui > - > > Key: YARN-11065 > URL: https://issues.apache.org/jira/browse/YARN-11065 > Project: Hadoop YARN > Issue Type: Bug > Components: yarn-ui-v2 >Reporter: Akira Ajisaka >Priority: Major > Labels: pull-request-available > Time Spent: 10m > Remaining Estimate: 0h > > Upgrade follow-redirects from 1.13.3 to 1.14.7 in hadoop-yarn-ui. -- This message was sent by Atlassian Jira (v8.20.1#820001) - To unsubscribe, e-mail: yarn-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: yarn-issues-h...@hadoop.apache.org
[jira] [Updated] (YARN-11065) Bump follow-redirects from 1.13.3 to 1.14.7 in hadoop-yarn-ui
[ https://issues.apache.org/jira/browse/YARN-11065?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] ASF GitHub Bot updated YARN-11065: -- Labels: pull-request-available (was: ) > Bump follow-redirects from 1.13.3 to 1.14.7 in hadoop-yarn-ui > - > > Key: YARN-11065 > URL: https://issues.apache.org/jira/browse/YARN-11065 > Project: Hadoop YARN > Issue Type: Bug > Components: yarn-ui-v2 >Reporter: Akira Ajisaka >Priority: Major > Labels: pull-request-available > Time Spent: 10m > Remaining Estimate: 0h > > Upgrade follow-redirects from 1.13.3 to 1.14.7 in hadoop-yarn-ui. -- This message was sent by Atlassian Jira (v8.20.1#820001) - To unsubscribe, e-mail: yarn-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: yarn-issues-h...@hadoop.apache.org
[jira] [Created] (YARN-11065) Bump follow-redirects from 1.13.3 to 1.14.7 in hadoop-yarn-ui
Akira Ajisaka created YARN-11065: Summary: Bump follow-redirects from 1.13.3 to 1.14.7 in hadoop-yarn-ui Key: YARN-11065 URL: https://issues.apache.org/jira/browse/YARN-11065 Project: Hadoop YARN Issue Type: Bug Components: yarn-ui-v2 Reporter: Akira Ajisaka Upgrade follow-redirects from 1.13.3 to 1.14.7 in hadoop-yarn-ui. -- This message was sent by Atlassian Jira (v8.20.1#820001) - To unsubscribe, e-mail: yarn-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: yarn-issues-h...@hadoop.apache.org
