[
https://issues.apache.org/jira/browse/YARN-5280?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15371530#comment-15371530
]
Greg Phillips commented on YARN-5280:
-------------------------------------
Hello [~lmccay] - Thanks for the link to the EE specification for application
permission requests. Given the range of frameworks that use YARN there is
definitely utility in creating framework level rulesets. In order to prevent
users from granting themselves excess permissions this would likely need to
take the form of server side configurations. Thus far this effort has entailed
providing all permissions to trusted code such as core hadoop libraries and
surrounding projects (Pig, Hive, Oozie, etc.) while limiting privileges to the
user contributed code that performs the processing. I would be interested to
see if we could adopt a similar model for Slider; full privileges for the core
libraries while locking down the user code. Initially I would like to prove
this feature against MapReduce and the frameworks that leverage it.
Additionally the solution must be extensible enough so other YARN frameworks
can be handled differently by the NodeManager: either by disabling the security
manager, or by providing a different set of permissions.
In secure installations of Hadoop the creation and management of keystores is
already a necessity. I have written some prototype utilities which streamline
the process of signing Hadoop libraries. For Pig and Hive the dynamically
created jars will need to be broken out. I have a test build of Pig which
instead of creating an UberJar adds the necessary libs to tmpjars. This allows
the libraries to maintain their signatures, and ultimately decreases the
overhead of running Pig jobs since the broken out libraries will now be able to
exist in the filecache. If this seems like an appropriate path I will create
the subtasks for Hive and Pig.
> Allow YARN containers to run with Java Security Manager
> -------------------------------------------------------
>
> Key: YARN-5280
> URL: https://issues.apache.org/jira/browse/YARN-5280
> Project: Hadoop YARN
> Issue Type: New Feature
> Components: nodemanager, yarn
> Affects Versions: 2.6.4
> Reporter: Greg Phillips
> Priority: Minor
> Attachments: YARN-5280.patch, YARNContainerSandbox.pdf
>
>
> YARN applications have the ability to perform privileged actions which have
> the potential to add instability into the cluster. The Java Security Manager
> can be used to prevent users from running privileged actions while still
> allowing their core data processing use cases.
> Introduce a YARN flag which will allow a Hadoop administrator to enable the
> Java Security Manager for user code, while still providing complete
> permissions to core Hadoop libraries.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
