[jira] [Updated] (YARN-2458) Add file handling features to the Windows Secure Container Executor LRPC service
[ https://issues.apache.org/jira/browse/YARN-2458?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Remus Rusanu updated YARN-2458: --- Attachment: YARN-2458.2.patch A complete implementation that delegates critical file handling (mkdirs) to the privileged service. Add file handling features to the Windows Secure Container Executor LRPC service Key: YARN-2458 URL: https://issues.apache.org/jira/browse/YARN-2458 Project: Hadoop YARN Issue Type: Sub-task Components: nodemanager Reporter: Remus Rusanu Assignee: Remus Rusanu Labels: security, windows Attachments: YARN-2458.1.patch, YARN-2458.2.patch In the WSCE design the nodemanager needs to do certain privileged operations like change file ownership to arbitrary users or delete files owned by the task container user after completion of the task. As we want to remove the Administrator privilege requirement from the nodemanager service, we have to move these operations into the privileged LRPC helper service. Extend the RPC interface to contain methods for change file ownership and manipulate files, add JNI client side and implement the server side. This will piggyback on the existing LRPC service so is not much infrastructure to add (run as service, RPC init, authentictaion and authorization are already solved). It just needs to be implemented. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (YARN-2458) Add file handling features to the Windows Secure Container Executor LRPC service
[ https://issues.apache.org/jira/browse/YARN-2458?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Remus Rusanu updated YARN-2458: --- Attachment: YARN-2458.1.patch First pass at the issue, the patch attached works. I will do a second pass to fix some hacks (move the native method into NativeIO class and handle DLL loading). Add file handling features to the Windows Secure Container Executor LRPC service Key: YARN-2458 URL: https://issues.apache.org/jira/browse/YARN-2458 Project: Hadoop YARN Issue Type: Sub-task Components: nodemanager Reporter: Remus Rusanu Assignee: Remus Rusanu Labels: security, windows Attachments: YARN-2458.1.patch In the WSCE design the nodemanager needs to do certain privileged operations like change file ownership to arbitrary users or delete files owned by the task container user after completion of the task. As we want to remove the Administrator privilege requirement from the nodemanager service, we have to move these operations into the privileged LRPC helper service. Extend the RPC interface to contain methods for change file ownership and manipulate files, add JNI client side and implement the server side. This will piggyback on the existing LRPC service so is not much infrastructure to add (run as service, RPC init, authentictaion and authorization are already solved). It just needs to be implemented. -- This message was sent by Atlassian JIRA (v6.3.4#6332)