Ravi Prakash commented on YARN-2424:

Hi Tucu! I'd brought it up only because in the earlier comment you'd said
bq. Ravi, all the config in the container-executor.cfg is EXCLUSIVELY for 
enforcing constraints on the process to be launched, it does not restrict a 
launched JVM process from doing a System.setProperty("user.name", "ANY") to 
gain access to +*HDFS*+ as user ANY (if Kerberos is ON, setting 'user.name' 
property has no effect).
I'm glad we agree that YARN-1253 wasn't about protecting HDFS or YARN.

bq. it is about protecting the node at OS level by enforcing the use of a least 
privileged user.
So if we enforced the use of several least privileged users (instead of only 
1), is that not just as secure? Would you argue that with the proper use of 
blacklists and whitelists this cannot be achieved?

> LCE should support non-cgroups, non-secure mode
> -----------------------------------------------
>                 Key: YARN-2424
>                 URL: https://issues.apache.org/jira/browse/YARN-2424
>             Project: Hadoop YARN
>          Issue Type: Bug
>          Components: nodemanager
>    Affects Versions: 2.3.0, 2.4.0, 2.5.0, 2.4.1
>            Reporter: Allen Wittenauer
>            Priority: Blocker
>         Attachments: YARN-2424.patch
> After YARN-1253, LCE no longer works for non-secure, non-cgroup scenarios.  
> This is a fairly serious regression, as turning on LCE prior to turning on 
> full-blown security is a fairly standard procedure.

This message was sent by Atlassian JIRA

Reply via email to