Eric Yang created YARN-9117:
-------------------------------
Summary: Container shell does not work when using
yarn.nodemanager.linux-container-executor.nonsecure-mode.local-user setting
Key: YARN-9117
URL: https://issues.apache.org/jira/browse/YARN-9117
Project: Hadoop YARN
Issue Type: Sub-task
Affects Versions: 3.3.0
Reporter: Eric Yang
If YARN is configured with
yarn.nodemanager.linux-container-executor.nonsecure-mode.local-user to restrict
YARN workload to run as a specific user only. Container shell does not support
this configuration because the workdir directory is owned by local-user. The
container shell is intended to launch a bash process owned by the application
owner. When bash process owner and current working directory are mismatched.
The child process will terminate immediately. It is probably best to report
this configuration as not supported rather than allowing application owner to
gain all privileges of local-user.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: yarn-dev-unsubscr...@hadoop.apache.org
For additional commands, e-mail: yarn-dev-h...@hadoop.apache.org
