You are viewing a plain text version of this content. The canonical link for it is here.
Posted to yarn-issues@hadoop.apache.org by "Eric Yang (JIRA)" <ji...@apache.org> on 2018/11/05 22:40:00 UTC
[jira] [Updated] (YARN-8838) Add security check for container user
is same as websocket user
[ https://issues.apache.org/jira/browse/YARN-8838?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Eric Yang updated YARN-8838:
----------------------------
Attachment: YARN-8838.004.patch
> Add security check for container user is same as websocket user
> ---------------------------------------------------------------
>
> Key: YARN-8838
> URL: https://issues.apache.org/jira/browse/YARN-8838
> Project: Hadoop YARN
> Issue Type: Sub-task
> Components: nodemanager
> Reporter: Eric Yang
> Assignee: Eric Yang
> Priority: Major
> Labels: docker
> Attachments: YARN-8838.001.patch, YARN-8838.002.patch, YARN-8838.003.patch, YARN-8838.004.patch
>
>
> When user is authenticate via SPNEGO entry point, node manager must verify the remote user is the same as the container user to start the web socket session. One possible solution is to verify the web request user matches yarn container local directory owne during onWebSocketConnect..
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: yarn-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: yarn-issues-help@hadoop.apache.org