Hexiaoqiao commented on PR #8377: URL: https://github.com/apache/hadoop/pull/8377#issuecomment-4251035674
Sorry -1 from my side. Security issues will be introduced if we expose `SystemCredentials` to container. IIUC, the original purpose of `SystemCredentials` is only for inner-NM to localize or log aggregate, it may include many tokens for different users, This PR try to expose these credentials to end users (or we say new container), it will enlarge permissions which is unauthorized. For long running application, I think one feasible solution is to increase lifetime of time at HDFS side or allow special user(such as YARN) to renew token which over lifetime. welcome more discussion. Thanks. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
