[ https://issues.apache.org/jira/browse/YARN-8838?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16669437#comment-16669437 ]
Eric Yang commented on YARN-8838: --------------------------------- Patch 002 allows YARN admin user to login to container, if yarn.acl.enable feature is enabled. > Add security check for container user is same as websocket user > --------------------------------------------------------------- > > Key: YARN-8838 > URL: https://issues.apache.org/jira/browse/YARN-8838 > Project: Hadoop YARN > Issue Type: Sub-task > Components: nodemanager > Reporter: Eric Yang > Assignee: Eric Yang > Priority: Major > Labels: docker > Attachments: YARN-8838.001.patch, YARN-8838.002.patch > > > When user is authenticate via SPNEGO entry point, node manager must verify > the remote user is the same as the container user to start the web socket > session. One possible solution is to verify the web request user matches > yarn container local directory owne during onWebSocketConnect.. -- This message was sent by Atlassian JIRA (v7.6.3#76005) --------------------------------------------------------------------- To unsubscribe, e-mail: yarn-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: yarn-issues-h...@hadoop.apache.org