Eric Yang created YARN-8863: ------------------------------- Summary: Define yarn node manager local dirs in container-executor.cfg Key: YARN-8863 URL: https://issues.apache.org/jira/browse/YARN-8863 Project: Hadoop YARN Issue Type: Improvement Components: security, yarn Reporter: Eric Yang
The current implementation of container-executor accepts nm-local-dirs and nm-log-dirs from cli arguments. If yarn user is compromised, it is possible for rogue yarn user to use container-executor to point nm-local-dirs to user home directory to make modification to user owned files. This JIRA is to enhance container-executor.cfg to allow specification of yarn.nodemanager.local-dirs to safe guard rogue yarn user from exploiting nm-local-dirs paths. -- This message was sent by Atlassian JIRA (v7.6.3#76005) --------------------------------------------------------------------- To unsubscribe, e-mail: yarn-dev-unsubscr...@hadoop.apache.org For additional commands, e-mail: yarn-dev-h...@hadoop.apache.org