Uploaded image for project: 'Hadoop YARN'
  1. Hadoop YARN
  2. YARN-6447

Provide container sandbox policies for groups

Log workAgile BoardRank to TopRank to BottomAttach filesAttach ScreenshotBulk Copy AttachmentsBulk Move AttachmentsVotersWatch issueWatchersCreate sub-taskConvert to sub-taskMoveLinkCloneLabelsUpdate Comment AuthorReplace String in CommentUpdate Comment VisibilityDelete Comments
    XMLWordPrintableJSON

Details

    • Improvement
    • Status: Resolved
    • Minor
    • Resolution: Fixed
    • 3.0.0-alpha4
    • 3.0.0-alpha4
    • nodemanager, yarn
    • None
    • Reviewed
    • Patch

    Description

      Currently the container sandbox feature (YARN-5280) allows YARN administrators to use one Java Security Manager policy file to limit the permissions granted to YARN containers. It would be useful to allow for different policy files to be used based on groups.

      For example, an administrator may want to ensure standard users who write applications for the MapReduce or Tez frameworks are not allowed to open arbitrary network connections within their data processing code. Users who are designing the ETL pipelines however may need to open sockets to extract data from external sources. By assigning these sets of users to different groups and setting specific policies for each group you can assert fine grained control over the permissions granted to each Java based container across a YARN cluster.

      Attachments

        1. YARN-6447.001.patch
          17 kB
          Greg Phillips
        2. YARN-6447.002.patch
          20 kB
          Greg Phillips
        3. YARN-6447.003.patch
          20 kB
          Greg Phillips

        Activity

          This comment will be Viewable by All Users Viewable by All Users
          Cancel

          People

            gphillips Greg Phillips Assign to me
            gphillips Greg Phillips
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Slack

                Issue deployment