[
https://issues.apache.org/jira/browse/YARN-5554?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15727669#comment-15727669
]
Wilfred Spiegelenburg commented on YARN-5554:
---------------------------------------------
The main point is that the {{ClientRMService}} does not have direct access to
the Scheduler. All access checks run through the {{QueueACLsManager}} or the
{{ApplicationACLsManager}}. Any change must thus go through that. In this case
the new method was introduced because the current method does not have the
destination queue available. We need to check the destination queue the
originating queue is already checked earlier by calling the existing method.
The passed in application has not been moved yet and thus still has the
original queue. Updating the application is not possible because that would
pre-empt the fact that the application can and will be moved.
The target queue checks are performed because it comes out of the move request
and has not been checked at the time the access check is performed. To be able
to distinguish between an access denied and a queue that does not exist the log
message was added if the queue returned is empty. Without that check, and the
log entries, at that point we would not be able to trace back that difference.
I looked at folding the two methods into one to remove some code duplication
but stopped with that. The small but important differences between the two
methods required a number of {{if ... else ...}} constructs which made the code
really difficult to read and understand.
> MoveApplicationAcrossQueues does not check user permission on the target queue
> ------------------------------------------------------------------------------
>
> Key: YARN-5554
> URL: https://issues.apache.org/jira/browse/YARN-5554
> Project: Hadoop YARN
> Issue Type: Bug
> Components: resourcemanager
> Affects Versions: 2.7.2
> Reporter: Haibo Chen
> Assignee: Wilfred Spiegelenburg
> Labels: oct16-medium
> Attachments: YARN-5554.10.patch, YARN-5554.11.patch,
> YARN-5554.2.patch, YARN-5554.3.patch, YARN-5554.4.patch, YARN-5554.5.patch,
> YARN-5554.6.patch, YARN-5554.7.patch, YARN-5554.8.patch, YARN-5554.9.patch
>
>
> moveApplicationAcrossQueues operation currently does not check user
> permission on the target queue. This incorrectly allows one user to move
> his/her own applications to a queue that the user has no access to
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: yarn-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: yarn-issues-h...@hadoop.apache.org
