[ https://issues.apache.org/jira/browse/YARN-732?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Kyle Leckie updated YARN-732:
-----------------------------
Description:
There is no ContainerExecutor on Windows that can launch containers in a manner
that creates:
1) container isolation
2) container execution with reduced rights
I am working on patches that will add the ability to launch containers in a
process with a reduced access token. My current approach does not attempt to
run the process as the domain user passed into the launchContainer() call.
Instead we run as a local user.
was:
There is not ContainerExecutor on windows that can launch containers in a
manner that creates:
- container isolation
- reduces security context.
I am working on patches that will add the ability to launch containers in a
process with a reduced access token. My current approach does not attempt to
run the process as the domain user passed into the launchContainer() call.
Instead we run as a local user.
> YARN support for container isolation on Windows
> -----------------------------------------------
>
> Key: YARN-732
> URL: https://issues.apache.org/jira/browse/YARN-732
> Project: Hadoop YARN
> Issue Type: New Feature
> Components: nodemanager
> Affects Versions: trunk-win
> Reporter: Kyle Leckie
> Labels: security
> Fix For: trunk-win
>
>
> There is no ContainerExecutor on Windows that can launch containers in a
> manner that creates:
> 1) container isolation
> 2) container execution with reduced rights
> I am working on patches that will add the ability to launch containers in a
> process with a reduced access token. My current approach does not attempt to
> run the process as the domain user passed into the launchContainer() call.
> Instead we run as a local user.