Eric Yang created YARN-9117: ------------------------------- Summary: Container shell does not work when using yarn.nodemanager.linux-container-executor.nonsecure-mode.local-user setting Key: YARN-9117 URL: https://issues.apache.org/jira/browse/YARN-9117 Project: Hadoop YARN Issue Type: Sub-task Affects Versions: 3.3.0 Reporter: Eric Yang
If YARN is configured with yarn.nodemanager.linux-container-executor.nonsecure-mode.local-user to restrict YARN workload to run as a specific user only. Container shell does not support this configuration because the workdir directory is owned by local-user. The container shell is intended to launch a bash process owned by the application owner. When bash process owner and current working directory are mismatched. The child process will terminate immediately. It is probably best to report this configuration as not supported rather than allowing application owner to gain all privileges of local-user. -- This message was sent by Atlassian JIRA (v7.6.3#76005) --------------------------------------------------------------------- To unsubscribe, e-mail: yarn-dev-unsubscr...@hadoop.apache.org For additional commands, e-mail: yarn-dev-h...@hadoop.apache.org