You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ambari.apache.org by Andrew Onischuk <ao...@hortonworks.com> on 2015/05/21 17:58:41 UTC
Review Request 34549: Non-secure clusters should not install the
linux task controller
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34549/
-----------------------------------------------------------
Review request for Ambari and Vitalyi Brodetskyi.
Bugs: AMBARI-11307
https://issues.apache.org/jira/browse/AMBARI-11307
Repository: ambari
Description
-------
In insecure clusters, all user code runs as mapred. With our default insecure
install, the setuid to root linux task controller provides mapred with the
ability to run processes as any user. The combination of these is bad. I think
we should separate out the setuid executable to a separate rpm that is only
installed on secure clusters.
Diffs
-----
ambari-common/src/main/python/resource_management/core/providers/system.py ba64e5d
ambari-common/src/main/python/resource_management/core/sudo.py ebde23d
ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/params_linux.py da7b9b4
ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/yarn.py 53bdba1
ambari-server/src/test/python/stacks/2.0.6/YARN/test_historyserver.py cd5041b
ambari-server/src/test/python/stacks/2.0.6/YARN/test_mapreduce2_client.py f8bccac
ambari-server/src/test/python/stacks/2.0.6/YARN/test_nodemanager.py 5c517f1
ambari-server/src/test/python/stacks/2.0.6/YARN/test_resourcemanager.py b775f48
ambari-server/src/test/python/stacks/2.0.6/YARN/test_yarn_client.py 9966581
ambari-server/src/test/python/stacks/2.1/YARN/test_apptimelineserver.py c8a3033
Diff: https://reviews.apache.org/r/34549/diff/
Testing
-------
mvn clean test
Thanks,
Andrew Onischuk
Re: Review Request 34549: Non-secure clusters should not install the
linux task controller
Posted by Vitalyi Brodetskyi <vb...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34549/#review84732
-----------------------------------------------------------
Ship it!
Ship It!
- Vitalyi Brodetskyi
On Травень 21, 2015, 4:49 після полудня, Andrew Onischuk wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/34549/
> -----------------------------------------------------------
>
> (Updated Травень 21, 2015, 4:49 після полудня)
>
>
> Review request for Ambari and Vitalyi Brodetskyi.
>
>
> Bugs: AMBARI-11307
> https://issues.apache.org/jira/browse/AMBARI-11307
>
>
> Repository: ambari
>
>
> Description
> -------
>
> In insecure clusters, all user code runs as mapred. With our default insecure
> install, the setuid to root linux task controller provides mapred with the
> ability to run processes as any user. The combination of these is bad. I think
> we should separate out the setuid executable to a separate rpm that is only
> installed on secure clusters.
>
>
> Diffs
> -----
>
> ambari-common/src/main/python/resource_management/core/providers/system.py ba64e5d
> ambari-common/src/main/python/resource_management/core/sudo.py ebde23d
> ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/params_linux.py da7b9b4
> ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/yarn.py 53bdba1
> ambari-server/src/test/python/stacks/2.0.6/YARN/test_historyserver.py cd5041b
> ambari-server/src/test/python/stacks/2.0.6/YARN/test_mapreduce2_client.py f8bccac
> ambari-server/src/test/python/stacks/2.0.6/YARN/test_nodemanager.py 5c517f1
> ambari-server/src/test/python/stacks/2.0.6/YARN/test_resourcemanager.py b775f48
> ambari-server/src/test/python/stacks/2.0.6/YARN/test_yarn_client.py 9966581
> ambari-server/src/test/python/stacks/2.1/YARN/test_apptimelineserver.py c8a3033
>
> Diff: https://reviews.apache.org/r/34549/diff/
>
>
> Testing
> -------
>
> mvn clean test
>
>
> Thanks,
>
> Andrew Onischuk
>
>
Re: Review Request 34549: Non-secure clusters should not install the
linux task controller
Posted by Andrew Onischuk <ao...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34549/
-----------------------------------------------------------
(Updated May 21, 2015, 4:49 p.m.)
Review request for Ambari and Vitalyi Brodetskyi.
Bugs: AMBARI-11307
https://issues.apache.org/jira/browse/AMBARI-11307
Repository: ambari
Description
-------
In insecure clusters, all user code runs as mapred. With our default insecure
install, the setuid to root linux task controller provides mapred with the
ability to run processes as any user. The combination of these is bad. I think
we should separate out the setuid executable to a separate rpm that is only
installed on secure clusters.
Diffs (updated)
-----
ambari-common/src/main/python/resource_management/core/providers/system.py ba64e5d
ambari-common/src/main/python/resource_management/core/sudo.py ebde23d
ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/params_linux.py da7b9b4
ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/yarn.py 53bdba1
ambari-server/src/test/python/stacks/2.0.6/YARN/test_historyserver.py cd5041b
ambari-server/src/test/python/stacks/2.0.6/YARN/test_mapreduce2_client.py f8bccac
ambari-server/src/test/python/stacks/2.0.6/YARN/test_nodemanager.py 5c517f1
ambari-server/src/test/python/stacks/2.0.6/YARN/test_resourcemanager.py b775f48
ambari-server/src/test/python/stacks/2.0.6/YARN/test_yarn_client.py 9966581
ambari-server/src/test/python/stacks/2.1/YARN/test_apptimelineserver.py c8a3033
Diff: https://reviews.apache.org/r/34549/diff/
Testing
-------
mvn clean test
Thanks,
Andrew Onischuk
Re: Review Request 34549: Non-secure clusters should not install the
linux task controller
Posted by Vitalyi Brodetskyi <vb...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34549/#review84716
-----------------------------------------------------------
Ship it!
Ship It!
- Vitalyi Brodetskyi
On Травень 21, 2015, 3:58 після полудня, Andrew Onischuk wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/34549/
> -----------------------------------------------------------
>
> (Updated Травень 21, 2015, 3:58 після полудня)
>
>
> Review request for Ambari and Vitalyi Brodetskyi.
>
>
> Bugs: AMBARI-11307
> https://issues.apache.org/jira/browse/AMBARI-11307
>
>
> Repository: ambari
>
>
> Description
> -------
>
> In insecure clusters, all user code runs as mapred. With our default insecure
> install, the setuid to root linux task controller provides mapred with the
> ability to run processes as any user. The combination of these is bad. I think
> we should separate out the setuid executable to a separate rpm that is only
> installed on secure clusters.
>
>
> Diffs
> -----
>
> ambari-common/src/main/python/resource_management/core/providers/system.py ba64e5d
> ambari-common/src/main/python/resource_management/core/sudo.py ebde23d
> ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/params_linux.py da7b9b4
> ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/yarn.py 53bdba1
> ambari-server/src/test/python/stacks/2.0.6/YARN/test_historyserver.py cd5041b
> ambari-server/src/test/python/stacks/2.0.6/YARN/test_mapreduce2_client.py f8bccac
> ambari-server/src/test/python/stacks/2.0.6/YARN/test_nodemanager.py 5c517f1
> ambari-server/src/test/python/stacks/2.0.6/YARN/test_resourcemanager.py b775f48
> ambari-server/src/test/python/stacks/2.0.6/YARN/test_yarn_client.py 9966581
> ambari-server/src/test/python/stacks/2.1/YARN/test_apptimelineserver.py c8a3033
>
> Diff: https://reviews.apache.org/r/34549/diff/
>
>
> Testing
> -------
>
> mvn clean test
>
>
> Thanks,
>
> Andrew Onischuk
>
>