[jira] [Commented] (YARN-9834) Allow using a pool of local users to run Yarn Secure Container in secure mode

[ https://issues.apache.org/jira/browse/YARN-9834?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16942396#comment-16942396 ] Eric Yang commented on YARN-9834: - {quote}Like I already explained in our meeting. There is no concrete

[jira] [Commented] (YARN-9834) Allow using a pool of local users to run Yarn Secure Container in secure mode

[ https://issues.apache.org/jira/browse/YARN-9834?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16942361#comment-16942361 ] shanyu zhao commented on YARN-9834: --- [~eyang] Please see my response inline: {quote}The current patch

[jira] [Commented] (YARN-9834) Allow using a pool of local users to run Yarn Secure Container in secure mode

[ https://issues.apache.org/jira/browse/YARN-9834?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16942349#comment-16942349 ] Eric Yang commented on YARN-9834: - There was a community meeting called to discuss this issue, people

[jira] [Commented] (YARN-9834) Allow using a pool of local users to run Yarn Secure Container in secure mode

[ https://issues.apache.org/jira/browse/YARN-9834?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16932748#comment-16932748 ] shanyu zhao commented on YARN-9834: --- [~eyang] {quote}User's home directory may be used by multiple

[jira] [Commented] (YARN-9834) Allow using a pool of local users to run Yarn Secure Container in secure mode

[ https://issues.apache.org/jira/browse/YARN-9834?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16932594#comment-16932594 ] Eric Yang commented on YARN-9834: - [~shanyu] There are too many security defects to list them all. I just

[jira] [Commented] (YARN-9834) Allow using a pool of local users to run Yarn Secure Container in secure mode

[ https://issues.apache.org/jira/browse/YARN-9834?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16932085#comment-16932085 ] shanyu zhao commented on YARN-9834: --- Thanks for the review [~eyang]. If you see any security hole in

[jira] [Commented] (YARN-9834) Allow using a pool of local users to run Yarn Secure Container in secure mode

[ https://issues.apache.org/jira/browse/YARN-9834?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16932041#comment-16932041 ] Eric Yang commented on YARN-9834: - Sorry, this design looks too risky for me to consider. I will let

[jira] [Commented] (YARN-9834) Allow using a pool of local users to run Yarn Secure Container in secure mode

[ https://issues.apache.org/jira/browse/YARN-9834?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16932009#comment-16932009 ] shanyu zhao commented on YARN-9834: --- {quote}Given the reasoning of node manager running in Docker

[jira] [Commented] (YARN-9834) Allow using a pool of local users to run Yarn Secure Container in secure mode

[ https://issues.apache.org/jira/browse/YARN-9834?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16931975#comment-16931975 ] Eric Yang commented on YARN-9834: - {quote}"host" in this scenario is the Docker container running node

[jira] [Commented] (YARN-9834) Allow using a pool of local users to run Yarn Secure Container in secure mode

[ https://issues.apache.org/jira/browse/YARN-9834?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16931953#comment-16931953 ] shanyu zhao commented on YARN-9834: --- {quote}I think host joining AD is required to keep authorized

[jira] [Commented] (YARN-9834) Allow using a pool of local users to run Yarn Secure Container in secure mode

[ https://issues.apache.org/jira/browse/YARN-9834?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16931946#comment-16931946 ] Eric Yang commented on YARN-9834: - {quote}For SSSD to work it needs to have credentials to talk to LDAP,

[jira] [Commented] (YARN-9834) Allow using a pool of local users to run Yarn Secure Container in secure mode

[ https://issues.apache.org/jira/browse/YARN-9834?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16931725#comment-16931725 ] shanyu zhao commented on YARN-9834: --- [~eyang] {quote}The mechanism doesn't need to be different between

[jira] [Commented] (YARN-9834) Allow using a pool of local users to run Yarn Secure Container in secure mode

[ https://issues.apache.org/jira/browse/YARN-9834?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16931554#comment-16931554 ] Eric Yang commented on YARN-9834: - [~shanyu] {quote}You are talking about Docker container executor. What

[jira] [Commented] (YARN-9834) Allow using a pool of local users to run Yarn Secure Container in secure mode

[ https://issues.apache.org/jira/browse/YARN-9834?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16930998#comment-16930998 ] shanyu zhao commented on YARN-9834: --- [~eyang], You are talking about Docker container executor. What I

[jira] [Commented] (YARN-9834) Allow using a pool of local users to run Yarn Secure Container in secure mode

[ https://issues.apache.org/jira/browse/YARN-9834?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16930980#comment-16930980 ] Eric Yang commented on YARN-9834: - [~shanyu] {quote}I forgot to mention that for Winbind/SSSD to work the

[jira] [Commented] (YARN-9834) Allow using a pool of local users to run Yarn Secure Container in secure mode

[ https://issues.apache.org/jira/browse/YARN-9834?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16930945#comment-16930945 ] shanyu zhao commented on YARN-9834: --- Thanks [~eyang]! I forgot to mention that for Winbind/SSSD to work

[jira] [Commented] (YARN-9834) Allow using a pool of local users to run Yarn Secure Container in secure mode

[ https://issues.apache.org/jira/browse/YARN-9834?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16930716#comment-16930716 ] Eric Yang commented on YARN-9834: - [~shanyu] SSSD does not mirror all users, and it only caches users on

[jira] [Commented] (YARN-9834) Allow using a pool of local users to run Yarn Secure Container in secure mode

[ https://issues.apache.org/jira/browse/YARN-9834?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16929804#comment-16929804 ] shanyu zhao commented on YARN-9834: --- [~ashvin] I missed that file during git push, it is added now.

[jira] [Commented] (YARN-9834) Allow using a pool of local users to run Yarn Secure Container in secure mode

[ https://issues.apache.org/jira/browse/YARN-9834?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16929676#comment-16929676 ] Ashvin commented on YARN-9834: -- Hi [~shanyu]. I took a quick look at the pull request. Is it missing some