Hadoop with SELinux?

2010-01-05 Thread Gibbon, Robert, VF-Group
Hello list

Can someone please tell me if it would be possible to run hadoop with SELinux 
enabled across the cluster? Are there any known issues or better, how2's I can 
be pointed at? Also interested in running iptables on the nodes - easy to do?

Many thanks in advance
Robert

Robert Gibbon
Solutions Architect
Integration Design  Solution Engineering

Vodafone Group Service GmbH
Mannesmannufer 2, D-40213 Düsseldorf, Germany
District Court of Düsseldorf, HRB 53554
Management: Helmut Hoffmann, Dr. Joachim Peters




Re: Hadoop with SELinux?

2010-01-05 Thread Michael Thomas
We have used SELinux on our large cluster with HDFS (we don't use MR). 
The only issue I've found is that the mount program does not have 
permission to execute java, which prohibits you from mounting the FUSE 
filesystem from /etc/fstab.  This is fixed with the policy file below.


require {
        type mount_t;
        type shell_exec_t;
        type proc_net_t;
        type random_device_t;
        type java_exec_t;
        type fusefs_t;
        class process { execstack execmem getsched setrlimit };
        class tcp_socket { accept listen };
        class chr_file read;
        class file { execute read getattr execute_no_trans };
        class dir { read getattr search };
}

#============= mount_t ==============
allow mount_t fusefs_t:dir { read getattr };
allow mount_t java_exec_t:file { read getattr execute execute_no_trans };
allow mount_t proc_net_t:dir search;
allow mount_t proc_net_t:file { read getattr };
allow mount_t random_device_t:chr_file read;
allow mount_t self:process { execstack execmem getsched setrlimit };
allow mount_t self:tcp_socket { accept listen };
allow mount_t shell_exec_t:file { read execute getattr execute_no_trans };


--Mike

On 01/05/2010 08:05 AM, Gibbon, Robert, VF-Group wrote:

Hello list

Can someone please tell me if it would be possible to run hadoop with SELinux 
enabled across the cluster? Are there any known issues or better, how2's I can 
be pointed at? Also interested in running iptables on the nodes - easy to do?

Many thanks in advance
Robert

Robert Gibbon
Solutions Architect
Integration Design  Solution Engineering

Vodafone Group Service GmbH
Mannesmannufer 2, D-40213 Düsseldorf, Germany
District Court of Düsseldorf, HRB 53554
Management: Helmut Hoffmann, Dr. Joachim Peters
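
A pre-load check for a module like the one posted in the reply above, written in Python as an added example (not part of the original thread and not Hadoop or SELinux project code). It confirms that every type, class and permission used in the allow rules is declared in the require block, and lists the rules granting execstack, execmem or execute_no_trans so they can be reviewed before the module is loaded; the REVIEW set and the function names are this example's own choices.

```python
import re

# Policy text copied from the reply above (no module line is shown there).
POLICY = """require {
type mount_t;
type shell_exec_t;
type proc_net_t;
type random_device_t;
type java_exec_t;
type fusefs_t;
class process { execstack execmem getsched setrlimit };
class tcp_socket { accept listen };
class chr_file read;
class file { execute read getattr execute_no_trans };
class dir { read getattr search };
}
allow mount_t fusefs_t:dir { read getattr };
allow mount_t java_exec_t:file { read getattr execute execute_no_trans };
allow mount_t proc_net_t:dir search;
allow mount_t proc_net_t:file { read getattr };
allow mount_t random_device_t:chr_file read;
allow mount_t self:process { execstack execmem getsched setrlimit };
allow mount_t self:tcp_socket { accept listen };
allow mount_t shell_exec_t:file { read execute getattr execute_no_trans };
"""
# Assumption: permissions this reviewer wants listed (memory checks, no domain transition).
REVIEW = {"execstack", "execmem", "execute_no_trans"}
PERMS = r"(\{[^}]*\}|\w+)\s*;"
TYPE_RE = re.compile(r"^\s*type\s+(\w+)\s*;", re.M)
CLASS_RE = re.compile(r"^\s*class\s+(\w+)\s+" + PERMS, re.M)
ALLOW_RE = re.compile(r"^\s*allow\s+(\w+)\s+(\w+):(\w+)\s+" + PERMS, re.M)

def names(text):  # 'read' or '{ read getattr }' -> set of names
    return set(text.strip("{} \t").split())

def audit(policy):
    """Return (undeclared, review) for one type-enforcement module."""
    types = set(TYPE_RE.findall(policy))
    classes = {c: names(p) for c, p in CLASS_RE.findall(policy)}
    undeclared, review = [], []
    for src, tgt, cls, perms in ALLOW_RE.findall(policy):
        tgt = src if tgt == "self" else tgt  # 'self' means the source type
        undeclared += [("type", t) for t in (src, tgt) if t not in types]
        for perm in sorted(names(perms)):
            if perm not in classes.get(cls, set()):
                undeclared.append((cls, perm))
            if perm in REVIEW:
                review.append((src, tgt, cls, perm))
    return undeclared, review
```

Calling `audit(POLICY)` returns an empty undeclared list for the posted module and four rules to review, all with `mount_t` as the source domain.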







