[jira] [Comment Edited] (YARN-5280) Allow YARN containers to run with Java Security Manager

Mon, 27 Feb 2017 08:17:34 -0800 

    [ 
https://issues.apache.org/jira/browse/YARN-5280?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15885969#comment-15885969
 ] 

Greg Phillips edited comment on YARN-5280 at 2/27/17 4:16 PM:
--------------------------------------------------------------

[~vvasudev] Thanks for reviewing the patch.  The ContainerRuntimeContext is 
used across all methods in the ContainerRuntime interface:
{code:title=ContainerRuntime.java}
  void prepareContainer(ContainerRuntimeContext ctx)
      throws ContainerExecutionException;
  void launchContainer(ContainerRuntimeContext ctx)
      throws ContainerExecutionException;
  void signalContainer(ContainerRuntimeContext ctx)
      throws ContainerExecutionException;
  void reapContainer(ContainerRuntimeContext ctx)
      throws ContainerExecutionException;
{code}
The goal was to conform to the existing ContainerRuntime interface, though it 
definitely could make sense to merge the various Context's in a separate ticket.


was (Author: gphillips):
[~vvasudev] Thanks for reviewing the patch.  The ContainerRuntimeContext is 
used across all methods in the ContainerRuntime interface:
{code:title=ContainerRuntime.java}
  void prepareContainer(ContainerRuntimeContext ctx)
      throws ContainerExecutionException;
  void launchContainer(ContainerRuntimeContext ctx)
      throws ContainerExecutionException;
  void signalContainer(ContainerRuntimeContext ctx)
      throws ContainerExecutionException;
  void reapContainer(ContainerRuntimeContext ctx)
      throws ContainerExecutionException;
{code}
The goal was to conform to the existing ContainerRuntime interface, though it 
definitely could make sense to merge the various Context's in a separate patch.

> Allow YARN containers to run with Java Security Manager
> -------------------------------------------------------
>
>                 Key: YARN-5280
>                 URL: https://issues.apache.org/jira/browse/YARN-5280
>             Project: Hadoop YARN
>          Issue Type: New Feature
>          Components: nodemanager, yarn
>    Affects Versions: 2.6.4
>            Reporter: Greg Phillips
>            Assignee: Greg Phillips
>            Priority: Minor
>              Labels: oct16-medium
>         Attachments: YARN-5280.001.patch, YARN-5280.002.patch, 
> YARN-5280.003.patch, YARN-5280.004.patch, YARN-5280.005.patch, 
> YARN-5280.006.patch, YARN-5280.007.patch, YARN-5280.008.patch, 
> YARN-5280.patch, YARNContainerSandbox.pdf
>
>
> YARN applications have the ability to perform privileged actions which have 
> the potential to add instability into the cluster. The Java Security Manager 
> can be used to prevent users from running privileged actions while still 
> allowing their core data processing use cases. 
> Introduce a YARN flag which will allow a Hadoop administrator to enable the 
> Java Security Manager for user code, while still providing complete 
> permissions to core Hadoop libraries.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

---------------------------------------------------------------------
To unsubscribe, e-mail: yarn-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: yarn-issues-h...@hadoop.apache.org

Reply via email to