You are viewing a plain text version of this content. The canonical link for it is here.
Posted to common-issues@hadoop.apache.org by "Andrew Purtell (JIRA)" <ji...@apache.org> on 2015/03/25 21:41:53 UTC
[jira] [Commented] (HADOOP-11747) Why not re-use the security model
offered by SELINUX?
[ https://issues.apache.org/jira/browse/HADOOP-11747?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14380726#comment-14380726 ]
Andrew Purtell commented on HADOOP-11747:
-----------------------------------------
You could repurpose this as a proposal to implement Flask-style type enforcement in Hadoop, with push down to the OS if support is available there for it, like SELinux or TrustedBSD. :-)
> Why not re-use the security model offered by SELINUX?
> -----------------------------------------------------
>
> Key: HADOOP-11747
> URL: https://issues.apache.org/jira/browse/HADOOP-11747
> Project: Hadoop Common
> Issue Type: Improvement
> Reporter: Madhan Sundararajan Devaki
> Priority: Critical
>
> SELINUX was introduced to bring in a robust security management in Linux OS.
> In all distributions of Hadoop (Cloudera/Hortonworks/...) one of the pre-installation checklist items is to disable SELINUX in all the nodes of the cluster.
> Why not re-use the security model offered by SELINUX setting instead of re-inventing from scratch through Sentry/Knox/etc...?
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)