[ https://issues.apache.org/jira/browse/YARN-5554?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15727669#comment-15727669 ]
Wilfred Spiegelenburg commented on YARN-5554:
---------------------------------------------

The main point is that the {{ClientRMService}} does not have direct access to the Scheduler. All access checks run through the {{QueueACLsManager}} or the {{ApplicationACLsManager}}. Any change must thus go through that.

In this case the new method was introduced because the current method does not have the destination queue available. We need to check the destination queue; the originating queue is already checked earlier by calling the existing method. The passed-in application has not been moved yet and thus still has the original queue. Updating the application is not possible because that would pre-empt the fact that the application can and will be moved.

The target queue checks are performed because it comes out of the move request and has not been checked at the time the access check is performed. To be able to distinguish between an access denied and a queue that does not exist, the log message was added if the queue returned is empty. Without that check, and the log entries, at that point we would not be able to trace back that difference.

I looked at folding the two methods into one to remove some code duplication but stopped with that. The small but important differences between the two methods required a number of {{if ... else ...}} constructs which made the code really difficult to read and understand.

> MoveApplicationAcrossQueues does not check user permission on the target queue
> ------------------------------------------------------------------------------
>
>                 Key: YARN-5554
>                 URL: https://issues.apache.org/jira/browse/YARN-5554
>             Project: Hadoop YARN
>          Issue Type: Bug
>          Components: resourcemanager
>   Affects Versions: 2.7.2
>            Reporter: Haibo Chen
>            Assignee: Wilfred Spiegelenburg
>              Labels: oct16-medium
>         Attachments: YARN-5554.10.patch, YARN-5554.11.patch,
> YARN-5554.2.patch, YARN-5554.3.patch, YARN-5554.4.patch, YARN-5554.5.patch,
> YARN-5554.6.patch, YARN-5554.7.patch, YARN-5554.8.patch, YARN-5554.9.patch
>
>
> moveApplicationAcrossQueues operation currently does not check user
> permission on the target queue. This incorrectly allows one user to move
> his/her own applications to a queue that the user has no access to
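
The two-step check described in the comment above, sketched as an added example that is not code from the YARN patch or the Hadoop project: the source queue is checked from the application's current state, the target queue is checked from the move request, and a missing target queue is logged so it can be told apart from a denial. The class, method names, queue names and ACL data are all hypothetical and constructed for illustration.

```java
import java.util.Map;
import java.util.Set;
import java.util.logging.Logger;

// Simplified model with hypothetical names (not Hadoop classes or APIs).
public class MoveAclCheck {
    private static final Logger LOG = Logger.getLogger("MoveAclCheck");

    // Constructed sample data: queue name -> users with access to that queue.
    static final Map<String, Set<String>> QUEUE_ACL = Map.of(
        "root.dev", Set.of("alice", "bob"),
        "root.prod", Set.of("bob"));

    record App(String id, String owner, String queue) {}

    // Existing-style check: only sees the queue the application currently sits in.
    static boolean checkAccess(String user, App app) {
        Set<String> acl = QUEUE_ACL.get(app.queue());
        return acl != null && acl.contains(user);
    }

    // Added-style check: the application has not been moved yet, so the target
    // queue has to be passed in explicitly from the move request.
    static boolean checkAccess(String user, App app, String targetQueue) {
        Set<String> acl = QUEUE_ACL.get(targetQueue);
        if (acl == null) {
            // Logged so a non-existent queue can later be distinguished from a denial.
            LOG.warning("Target queue " + targetQueue + " not found while moving " + app.id());
            return false;
        }
        return acl.contains(user);
    }

    // A move is allowed only if both the source and the target check pass.
    static boolean mayMove(String user, App app, String targetQueue) {
        return checkAccess(user, app) && checkAccess(user, app, targetQueue);
    }

    public static void main(String[] args) {
        App app = new App("application_0001", "alice", "root.dev");
        // alice has access to the source queue but not to the target queue.
        System.out.println("alice -> root.prod: " + mayMove("alice", app, "root.prod"));
        // bob has access to both queues.
        System.out.println("bob   -> root.prod: " + mayMove("bob", app, "root.prod"));
        // The target queue does not exist; the refusal is accompanied by a log entry.
        System.out.println("bob   -> root.nope: " + mayMove("bob", app, "root.nope"));
    }
}
```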