From yarn-dev-return-24065-apmail-hadoop-yarn-dev-archive=hadoop.apache.org@hadoop.apache.org  Tue Jun 21 11:47:58 2016
Return-Path: <yarn-dev-return-24065-apmail-hadoop-yarn-dev-archive=hadoop.apache.org@hadoop.apache.org>
X-Original-To: apmail-hadoop-yarn-dev-archive@minotaur.apache.org
Delivered-To: apmail-hadoop-yarn-dev-archive@minotaur.apache.org
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by minotaur.apache.org (Postfix) with SMTP id D0BBF191B5
	for <apmail-hadoop-yarn-dev-archive@minotaur.apache.org>; Tue, 21 Jun 2016 11:47:58 +0000 (UTC)
Received: (qmail 4058 invoked by uid 500); 21 Jun 2016 11:47:58 -0000
Delivered-To: apmail-hadoop-yarn-dev-archive@hadoop.apache.org
Received: (qmail 3732 invoked by uid 500); 21 Jun 2016 11:47:58 -0000
Mailing-List: contact yarn-dev-help@hadoop.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:yarn-dev-help@hadoop.apache.org>
List-Unsubscribe: <mailto:yarn-dev-unsubscribe@hadoop.apache.org>
List-Post: <mailto:yarn-dev@hadoop.apache.org>
List-Id: <yarn-dev.hadoop.apache.org>
Delivered-To: mailing list yarn-dev@hadoop.apache.org
Received: (qmail 3718 invoked by uid 99); 21 Jun 2016 11:47:58 -0000
Received: from arcas.apache.org (HELO arcas) (140.211.11.28)
    by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 21 Jun 2016 11:47:58 +0000
Received: from arcas.apache.org (localhost [127.0.0.1])
	by arcas (Postfix) with ESMTP id E35E92C14F8
	for <yarn-dev@hadoop.apache.org>; Tue, 21 Jun 2016 11:47:57 +0000 (UTC)
Date: Tue, 21 Jun 2016 11:47:57 +0000 (UTC)
From: "Greg Phillips (JIRA)" <jira@apache.org>
To: yarn-dev@hadoop.apache.org
Message-ID: <JIRA.12981320.1466509660000.9603.1466509677927@Atlassian.JIRA>
In-Reply-To: <JIRA.12981320.1466509660000@Atlassian.JIRA>
References: <JIRA.12981320.1466509660000@Atlassian.JIRA> <JIRA.12981320.1466509660869@arcas>
Subject: [jira] [Created] (YARN-5280) Allow YARN containers to run with Java
 Security Manager
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394

Greg Phillips created YARN-5280:
-----------------------------------

             Summary: Allow YARN containers to run with Java Security Manager
                 Key: YARN-5280
                 URL: https://issues.apache.org/jira/browse/YARN-5280
             Project: Hadoop YARN
          Issue Type: New Feature
          Components: nodemanager, yarn
    Affects Versions: 2.6.4
            Reporter: Greg Phillips
            Priority: Minor


YARN applications have the ability to perform privileged actions which have the potential to add instability into the cluster. The Java Security Manager can be used to prevent users from running privileged actions while still allowing their core data processing use cases. 
Introduce a YARN flag which will allow a Hadoop administrator to enable the Java Security Manager for user code, while still providing complete permissions to core Hadoop libraries.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: yarn-dev-unsubscribe@hadoop.apache.org
For additional commands, e-mail: yarn-dev-help@hadoop.apache.org