Uploaded image for project: 'Hadoop YARN'
  1. Hadoop YARN
  2. YARN-2198 Remove the need to run NodeManager as privileged account for Windows Secure Container Executor
  3. YARN-2551

Windows Secure Cotnainer Executor: Add checks to validate that the wsce-site.xml is write restricted to Administrators only

VotersWatch issueWatchersLinkCloneUpdate Comment AuthorReplace String in CommentUpdate Comment VisibilityDelete Comments
    XMLWordPrintableJSON

Details

    • Sub-task
    • Status: Resolved
    • Major
    • Resolution: Implemented
    • None
    • None
    • nodemanager

    Description

      The wsce-site.xml containes the impersonate.allowed and impersonate.denied keys that restrict/control the users that can be impersonated by the WSCE containers. The impersonation frameworks in winutils should validate that only Administrators have write control on this file.

      This is similar to how LCE is validating that only root has write permissions on container-executor.cfg file on secure Linux clusters.

      Attachments

        1. YARN-2551.1.patch
          5 kB
          Remus Rusanu

        Activity

          This comment will be Viewable by All Users Viewable by All Users
          Cancel

          People

            rusanu Remus Rusanu
            rusanu Remus Rusanu
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Slack

                Issue deployment