Configuring the FlinkServer UDF Sandbox
You can upload third-party JAR packages, such as UDFs and dependencies, on the Flink web UI based on job requirements, and invoke dependencies when verifying and running SQL jobs. To ensure that the uploaded JAR file is secure, the sandbox function is enabled for Flink by default. You can set the sandbox permission by setting the flinkserver.security.policy parameter by referring to Configuring Permission of a Specified JAR Package and disable the sandbox by setting the security.manager.enabled parameter by referring to Disabling the FlinkServer Sandbox.
Permissions
A permission consists of the type (mandatory), name, and allowed operation.
- Default permission
- Property read permission: permission java.util.PropertyPermission "*", "read"
- Socket permission, allowing connect and resolve to all ports: permission java.net.SocketPermission "*", "connect,resolve"
- Standard permission
Table 1 File permission Type
Name
Allowed Operation
Example
java.io.FilePermission
- Name of a specified file
- -: all files in the directory and subdirectories
- *: all files in the directory
- read
- write
- delete
- execute
Table 3 Property permission Type
Name
Allowed Operation
Examples
java.util.PropertyPermission
JVM property name to be accessed
- read
- write
The following permission allows standard read of Java properties:
permission java.util.PropertyPermission "java.", "read";
Table 4 Runtime permission Type
Name
java.lang.RuntimePermission
- accessDeclaredMembers: allows code to use reflection to access private or protected members in other classes.
- createClassLoader: allows code to create a class loader instance.
- createSecurityManager: allows code to create a security manager instance, which will allow programmatic implementations to control the sandbox. This is a high-risk operation. With this permission, the UDF can modify or disable the SecurityManager of a service.
- exitVM: allows the code to shut down the entire VM.
- getClassLoader: allows code to access the class loader to obtain a specific class.
- setContextClassLoader: allows code to set the context class loader for a thread.
- setFactory: allows code to create a socket factory.
- setIO: allows code to redirect System.in and System.out or System.err input and output streams.
- setSecurityManager: allows code to set the security manager.
- stopThread: allows code to invoke the stop() method of the thread class.
Table 5 Security permission Type
Name
java.security.SecurityPermission
- createAccessControlContext: allows you to create a context environment for an access controller.
- getPolicy: allows the search of classes that can implement sandbox policies.
- setPolicy: allows you to set a class that can implement the sandbox policy. This is a high-risk operation. With this permission, the UDF can modify the policy of a service.
Table 6 Reflection permission Type
Name
java.lang.reflect.ReflectPermission
suppressAccessChecks: allows reflection to be used to check private variables of any class.
Table 7 All permission Type
Name
java.security.AllPermission
None (permission to perform any operation)
If a third-party JAR dependency is used and the following error message is displayed, the sandbox permission is required:
Caused by: java.security.AccessControlException: access denied ("java.io.FilePermission" "xxxx" "read") at java.security.AccessControlContext.checkPermission(AccessControlContext.java:472) at java.security.AccessController.checkPermission(AccessController.java:886) at java.lang.SecurityManager.checkPermission(SecurityManager.java:549) at java.lang.SecurityManager.checkRead(SecurityManager.java:888) at java.io.File.exists(File.java:825) at com.xxx.ExpireUDF.(ExpireUDF.java:19)
Configuring Permission of a Specified JAR Package
- Log in to FusionInsight Manager and access the Flink web UI. For details, see Accessing the FlinkServer Web UI.
- Check the storage path of the JAR package.
- Configure permission for the specified dependency.
Return to FusionInsight Manager, choose Cluster > Services > Flink > Configurations > All Configurations > FlinkServer (Role) > Customization, set flinkserver.security.policy as follows, and save the settings:
- Name: Enter the storage path recorded in 2. If you need to add more paths, click the plus sign (+).
- Value: permission value, which ends with a semicolon (;). For example, permission java.util.PropertyPermission "*", "read";permission java.net.SocketPermission "*", "connect,resolve". For details, see Permissions.
- Restart the FlinkServer instance.
Click Instances, select all FlinkServer instances, choose More > Restart Instance, and operate as prompted.
Disabling the FlinkServer Sandbox
- Log in to FusionInsight Manager.
- Choose Cluster > Services > Flink > Configurations > All Configurations.
- Search for the security.manager.enabled parameter and set its value to false.
- Click Save.
- Click Instances, select all FlinkServer instances, choose More > Restart Instance, and operate as prompted.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot