[ 
https://issues.apache.org/jira/browse/YARN-5280?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15885022#comment-15885022
 ] 

Greg Phillips commented on YARN-5280:
-------------------------------------

[~rkanter] I tested {{TestContainerManagerSecurity}} with and without 008 and 
they each failed ~70% of the time (across ~20 runs each).  There seems to be a 
race condition introduced in YARN-2584.  
{code:title=TestContainerManagerSecurity.java}
    while ((interval-- > 0)
        && !nmContet.getContainers().get(containerId)
          .cloneAndGetContainerStatus().getState()
          .equals(ContainerState.COMPLETE)) {
{code}

The {{nmContet.getContainers().get(containerId)}} can return null. It seems 
the race is between the container being set to complete and it being completely 
removed from the Map. In any case, it seems to be unrelated to YARN-5280; I 
will open another ticket to address this issue if you agree.

> Allow YARN containers to run with Java Security Manager
> -------------------------------------------------------
>
>                 Key: YARN-5280
>                 URL: https://issues.apache.org/jira/browse/YARN-5280
>             Project: Hadoop YARN
>          Issue Type: New Feature
>          Components: nodemanager, yarn
>    Affects Versions: 2.6.4
>            Reporter: Greg Phillips
>            Assignee: Greg Phillips
>            Priority: Minor
>              Labels: oct16-medium
>         Attachments: YARN-5280.001.patch, YARN-5280.002.patch, 
> YARN-5280.003.patch, YARN-5280.004.patch, YARN-5280.005.patch, 
> YARN-5280.006.patch, YARN-5280.007.patch, YARN-5280.008.patch, 
> YARN-5280.patch, YARNContainerSandbox.pdf
>
>
> YARN applications have the ability to perform privileged actions which have 
> the potential to add instability into the cluster. The Java Security Manager 
> can be used to prevent users from running privileged actions while still 
> allowing their core data processing use cases. 
> Introduce a YARN flag which will allow a Hadoop administrator to enable the 
> Java Security Manager for user code, while still providing complete 
> permissions to core Hadoop libraries.
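
The race described in the comment above, as an added stand-alone example that is not part of the original message or the Hadoop code base: the map entry is read once per poll into a local variable and a missing entry is treated as "already finished". The class name, the {{State}} enum and the map of id to state are hypothetical stand-ins for the NM context's container map, and treating a removed entry as finished is an assumption about the intended test semantics.

```java
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

public class WaitForContainerExample {
    // Stand-in for YARN's ContainerState; only the two states needed here.
    enum State { RUNNING, COMPLETE }

    /**
     * Polls until the container is COMPLETE or has been removed from the map.
     * The map value is read once per iteration into a local, so a removal
     * between the null check and the state check cannot cause an NPE.
     * Assumption: a missing entry means the container already finished.
     */
    static boolean waitForContainerToFinish(Map<String, State> containers,
            String containerId, int maxPolls, long pollMillis)
            throws InterruptedException {
        for (int i = 0; i < maxPolls; i++) {
            State state = containers.get(containerId); // single read
            if (state == null || state == State.COMPLETE) {
                return true;
            }
            Thread.sleep(pollMillis);
        }
        return false; // timed out while still RUNNING
    }

    public static void main(String[] args) throws Exception {
        Map<String, State> containers = new ConcurrentHashMap<>();
        String id = "container_0001"; // constructed sample id
        containers.put(id, State.RUNNING);

        // Simulates the node manager: mark COMPLETE, then drop the entry.
        Thread nm = new Thread(() -> {
            try {
                Thread.sleep(50);
                containers.put(id, State.COMPLETE);
                Thread.sleep(5);
                containers.remove(id);
            } catch (InterruptedException e) {
                Thread.currentThread().interrupt();
            }
        });
        nm.start();

        boolean finished = waitForContainerToFinish(containers, id, 100, 10);
        nm.join();
        System.out.println("finished=" + finished);
    }
}
```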


