Eric Yang created YARN-8863:
-------------------------------
Summary: Define yarn node manager local dirs in
container-executor.cfg
Key: YARN-8863
URL: https://issues.apache.org/jira/browse/YARN-8863
Project: Hadoop YARN
Issue Type: Improvement
Components: security, yarn
Reporter: Eric Yang
The current implementation of container-executor accepts nm-local-dirs and
nm-log-dirs from cli arguments. If yarn user is compromised, it is possible
for rogue yarn user to use container-executor to point nm-local-dirs to user
home directory to make modification to user owned files. This JIRA is to
enhance container-executor.cfg to allow specification of
yarn.nodemanager.local-dirs to safe guard rogue yarn user from exploiting
nm-local-dirs paths.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: yarn-dev-unsubscr...@hadoop.apache.org
For additional commands, e-mail: yarn-dev-h...@hadoop.apache.org
