You are viewing a plain text version of this content. The canonical link for it is here.

Posted to common-issues@hadoop.apache.org by "Andrew Purtell (JIRA)" <ji...@apache.org> on 2015/03/25 21:41:53 UTC

[jira] [Commented] (HADOOP-11747) Why not re-use the security model offered by SELINUX?

    [ https://issues.apache.org/jira/browse/HADOOP-11747?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14380726#comment-14380726 ] 

Andrew Purtell commented on HADOOP-11747:
-----------------------------------------

You could repurpose this as a proposal to implement Flask-style type enforcement in Hadoop, with push down to the OS if support is available there for it, like SELinux or TrustedBSD. :-) 

> Why not re-use the security model offered by SELINUX?
> -----------------------------------------------------
>
>                 Key: HADOOP-11747
>                 URL: https://issues.apache.org/jira/browse/HADOOP-11747
>             Project: Hadoop Common
>          Issue Type: Improvement
>            Reporter: Madhan Sundararajan Devaki
>            Priority: Critical
>
> SELINUX was introduced to bring in a robust security management in Linux OS.
> In all distributions of Hadoop (Cloudera/Hortonworks/...) one of the pre-installation checklist items is to disable SELINUX in all the nodes of the cluster.
> Why not re-use the security model offered by SELINUX setting instead of re-inventing from scratch through Sentry/Knox/etc...?



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)