[ https://issues.apache.org/jira/browse/YARN-5280?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15371530#comment-15371530 ]
Greg Phillips commented on YARN-5280: ------------------------------------- Hello [~lmccay] - Thanks for the link to the EE specification for application permission requests. Given the range of frameworks that use YARN there is definitely utility in creating framework level rulesets. In order to prevent users from granting themselves excess permissions this would likely need to take the form of server side configurations. Thus far this effort has entailed providing all permissions to trusted code such as core hadoop libraries and surrounding projects (Pig, Hive, Oozie, etc.) while limiting privileges to the user contributed code that performs the processing. I would be interested to see if we could adopt a similar model for Slider; full privileges for the core libraries while locking down the user code. Initially I would like to prove this feature against MapReduce and the frameworks that leverage it. Additionally the solution must be extensible enough so other YARN frameworks can be handled differently by the NodeManager: either by disabling the security manager, or by providing a different set of permissions. In secure installations of Hadoop the creation and management of keystores is already a necessity. I have written some prototype utilities which streamline the process of signing Hadoop libraries. For Pig and Hive the dynamically created jars will need to be broken out. I have a test build of Pig which instead of creating an UberJar adds the necessary libs to tmpjars. This allows the libraries to maintain their signatures, and ultimately decreases the overhead of running Pig jobs since the broken out libraries will now be able to exist in the filecache. If this seems like an appropriate path I will create the subtasks for Hive and Pig. > Allow YARN containers to run with Java Security Manager > ------------------------------------------------------- > > Key: YARN-5280 > URL: https://issues.apache.org/jira/browse/YARN-5280 > Project: Hadoop YARN > Issue Type: New Feature > Components: nodemanager, yarn > Affects Versions: 2.6.4 > Reporter: Greg Phillips > Priority: Minor > Attachments: YARN-5280.patch, YARNContainerSandbox.pdf > > > YARN applications have the ability to perform privileged actions which have > the potential to add instability into the cluster. The Java Security Manager > can be used to prevent users from running privileged actions while still > allowing their core data processing use cases. > Introduce a YARN flag which will allow a Hadoop administrator to enable the > Java Security Manager for user code, while still providing complete > permissions to core Hadoop libraries. -- This message was sent by Atlassian JIRA (v6.3.4#6332) --------------------------------------------------------------------- To unsubscribe, e-mail: yarn-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: yarn-issues-h...@hadoop.apache.org