[jira] [Commented] (YARN-8838) Add security check for container user is same as websocket user

Eric Yang (JIRA) Tue, 30 Oct 2018 16:39:23 -0700


    [ 
https://issues.apache.org/jira/browse/YARN-8838?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16669437#comment-16669437
 ]


Eric Yang commented on YARN-8838:
---------------------------------

Patch 002 allows YARN admin user to login to container, if yarn.acl.enable 
feature is enabled.

> Add security check for container user is same as websocket user
> ---------------------------------------------------------------
>
>                 Key: YARN-8838
>                 URL: https://issues.apache.org/jira/browse/YARN-8838
>             Project: Hadoop YARN
>          Issue Type: Sub-task
>          Components: nodemanager
>            Reporter: Eric Yang
>            Assignee: Eric Yang
>            Priority: Major
>              Labels: docker
>         Attachments: YARN-8838.001.patch, YARN-8838.002.patch
>
>
> When user is authenticate via SPNEGO entry point, node manager must verify 
> the remote user is the same as the container user to start the web socket 
> session.  One possible solution is to verify the web request user matches 
> yarn container local directory owne during onWebSocketConnect..



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: yarn-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: yarn-issues-h...@hadoop.apache.org

[jira] [Commented] (YARN-8838) Add security check for container user is same as websocket user

Reply via email to