As ATM and Steve have already commented, selinux isn't really
comparable to the existing Hadoop security framework. These are just
two things that have different functions. The Hadoop security
framework needs to deal with authenticating users over the network,
managing Kerberos and active directo
SELinux does nothing for Hadoop cluster security at the data-layer, which is
why there tools on top, not only to lock down systems, but to provide better
data governance: where did things come from, has it been tainted by merging
with sensitive data, etc, etc.
Where it could be good is
1. All
a Consultancy Services Limited
> > > 415/21-24, Kumaran Nagar,
> > > Sholinganallur,
> > > Old Mahabalipuram,
> > > Chennai - 600 119,Tamil Nadu
> > > India
> > > Cell:- +91-9840141129
> > > Mailto: madhan.sundarara...@tcs.com
> > > Website: http://www.tcs.com
> &
tainty. IT Services
> > Business Solutions
> >Consulting
> >
> >
> >
> >
> > From: Allen Wittenauer
> > To: common-dev@hadoop.apache.org
> > Date
xperience certainty. IT Services
>Business Solutions
>Consulting
>
>
>
>
> From: Allen Wittenauer
> To: common-dev@hadoop.apache.org
> Date: 03/26/2015 06:51 PM
> Subject:Re: Hadoop Common: Why not re-use the Securit
ience certainty. IT Services
Business Solutions
Consulting
From: Allen Wittenauer
To: common-dev@hadoop.apache.org
Date: 03/26/2015 06:51 PM
Subject: Re: Hadoop Common: Why not re-use the
How would you propose we use SELinux features to support security,
especially in a distributed manner where clients might be under different
administrative controls? What about the non-Linux platforms that Hadoop runs
on?
On Mar 26, 2015, at 3:46 AM, Madhan Sundararajan
wrote:
>
Team,
SELINUX was introduced to bring in a robust security management in Linux
OS.
In all distributions of Hadoop (Cloudera/Hortonworks/...) one of the
pre-installation checklist items is to disable SELINUX in all the nodes of
the cluster.
Why not re-use the security model offered by SELIN