Is it possible for a spark job on bluemix to see a list of the other processes on the operating system?

Problem description

A common approach for connecting to third party systems from spark is to provide the credentials for the systems as arguments to the spark script. However, this raises some questions about security. E.g. See this question Bluemix spark-submit -- How to secure credentials needed by my Scala jar

Is it possible for a spark job running on bluemix to see a list of the other processes on the operating system? I.e. Can a job run the equivalent of ps -awx to inspect the processes running on the spark cluster and the arguments that were passed to those processes? I'm guessing that it was a design goal that this must not be possible, but it would be good to verify this.

Recommended answer

For the Bluemix Apache Spark service, each provisioned spark service instance is a tenant. Each tenant is isolated from all other tenants. Spark jobs of a given tenant cannot access files or memory of any other tenant. So even if you could ascertain, say, the id of another tenant through process lists, you could not exploit that; and nothing truly private should be in any such argument. A relevant analogy here is that /etc/passwd is world readable, but the knowledge of a user id does not, in and of itself, open any doors. I.e. it is not security by obscurity; actual things are locked down.

Given all this, I understand that this service will further isolate through containerization sometime in the near future.
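
The answer's point that nothing truly private should be in a process argument can be checked on your own job submissions. The following is an added example, not part of the original question or answer: it parses the NUL-separated /proc/<pid>/cmdline format and flags arguments that carry a secret inline. The keyword list, the sample command line and the spark.example.password key are constructed for illustration.

```python
import os
import re

# Option/key names that usually carry a secret (assumed list for this example).
SECRET_NAME = re.compile(
    r"^-{0,2}[\w.-]*(password|passwd|secret|token|api[-_]?key)[\w.-]*$", re.I)
# user:password@ embedded in a URL, including jdbc:...:// forms.
URL_USERINFO = re.compile(r"://[^/\s:@]+:[^/\s@]+@")

# Constructed sample in /proc/<pid>/cmdline format (NUL-separated argv).
SAMPLE = b"\0".join([
    b"spark-submit", b"--class", b"com.example.Job", b"--conf",
    b"spark.example.password=hunter2", b"job.jar", b"--db-password", b"s3cret",
    b"jdbc:postgresql://etl:pw123@db.example.internal/sales"]) + b"\0"

def parse_cmdline(raw):
    """Split the raw bytes of /proc/<pid>/cmdline into an argv list."""
    return [a.decode("utf-8", "replace") for a in raw.split(b"\0") if a]

def exposed_args(argv):
    """Return (index, reason) for each argument that exposes a secret value."""
    findings = []
    for i, arg in enumerate(argv):
        name, sep, value = arg.partition("=")
        if name.lower().endswith(("file", "path")):
            continue  # a reference to a protected file, not the secret itself
        if SECRET_NAME.match(name):
            if sep and value:
                findings.append((i, f"{name} has an inline value"))
            elif (not sep and arg.startswith("-") and i + 1 < len(argv)
                  and not argv[i + 1].startswith("-")):
                findings.append((i + 1, f"value following {name}"))
        elif URL_USERINFO.search(arg):
            findings.append((i, "URL with embedded password"))
    return findings

def scan_proc(root="/proc"):
    """Audit every process visible to the caller; report reasons, never values."""
    report = {}
    for entry in filter(str.isdigit, os.listdir(root)):
        try:
            with open(os.path.join(root, entry, "cmdline"), "rb") as fh:
                hits = exposed_args(parse_cmdline(fh.read()))
        except OSError:
            continue  # process exited or access denied
        if hits:
            report[int(entry)] = [reason for _, reason in hits]
    return report

if __name__ == "__main__":
    print(exposed_args(parse_cmdline(SAMPLE)))
```

Arguments that name a file or path are skipped because passing a reference to a protected file, rather than the secret itself, keeps the value out of the process list.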