[jira] [Commented] (MAPREDUCE-3175) Yarn httpservers not created with access Control lists

Tue, 25 Oct 2011 15:16:56 -0700 

    [ 
https://issues.apache.org/jira/browse/MAPREDUCE-3175?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13135485#comment-13135485
 ] 

Hadoop QA commented on MAPREDUCE-3175:
--------------------------------------

-1 overall.  Here are the results of testing the latest attachment 
  http://issues.apache.org/jira/secure/attachment/12500529/MAPREDUCE-3175.patch
  against trunk revision .

    +1 @author.  The patch does not contain any @author tags.

    +1 tests included.  The patch appears to include 6 new or modified tests.

    +1 javadoc.  The javadoc tool did not generate any warning messages.

    -1 javac.  The patch appears to cause tar ant target to fail.

    -1 findbugs.  The patch appears to cause Findbugs (version 1.3.9) to fail.

    +1 release audit.  The applied patch does not increase the total number of 
release audit warnings.

    -1 core tests.  The patch failed the unit tests build

    +1 contrib tests.  The patch passed contrib unit tests.

Test results: 
https://builds.apache.org/job/PreCommit-MAPREDUCE-Build/1141//testReport/
Console output: 
https://builds.apache.org/job/PreCommit-MAPREDUCE-Build/1141//console

This message is automatically generated.
                
> Yarn httpservers not created with access Control lists
> ------------------------------------------------------
>
>                 Key: MAPREDUCE-3175
>                 URL: https://issues.apache.org/jira/browse/MAPREDUCE-3175
>             Project: Hadoop Map/Reduce
>          Issue Type: Sub-task
>          Components: mrv2
>    Affects Versions: 0.23.0
>            Reporter: Thomas Graves
>            Assignee: Jonathan Eagles
>            Priority: Blocker
>         Attachments: MAPREDUCE-3175.patch, MAPREDUCE-3175.patch, 
> MAPREDUCE-3175.patch
>
>
> RM, NM, job history, and application master httpservers are not created with 
> access Control lists. I believe this means that anyone can access any of the 
> standard servlets that check to see if the user has administrator access - 
> like /jmx, /stacks, etc and ops has no way to restrict access to these things.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: 
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

Reply via email to