[
https://issues.apache.org/jira/browse/YARN-5280?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15662718#comment-15662718
]
Varun Vasudev commented on YARN-5280:
-------------------------------------
Thanks for the patch [~gphillips]. My apologies for the late comments -
1)
{code}
@Override
+ public void writeLaunchEnv(OutputStream out, Map<String, String> environment,
+ Map<Path, List<String>> resources, List<String> command, Path logDir,
+ String user) throws IOException {
+ try {
+ linuxContainerRuntime.prepareContainer(environment, resources, command);
+ } catch (ContainerExecutionException e) {
+ throw new IOException("Unable to prepare container: ", e);
+ }
+ super.writeLaunchEnv(out, environment, resources, command, logDir, user);
+ }
+
{code}
Can you please explain why you need this block? prepareContainer is really not
meant to be called as part of the writeLaunchEnv
2)
{code}
+ linuxContainerRuntime.reapContainer(runtimeContext);
{code}
Similar to the above - any reason why you’re calling reapContainer as part of
the launchContainer call?
3)
{code}
- public void prepareContainer(ContainerRuntimeContext ctx)
+ public void prepareContainer(Map<String, String> environment,
+ Map<Path, List<String>> resources, List<String> command)
throws ContainerExecutionException {
//nothing to do here at the moment.
}
{code}
Please don’t change these interfaces. ContainerExecutor interfaces are a public
interface to allow users to plug their own implementations. If some field is
missing, please add it to the context.
> Allow YARN containers to run with Java Security Manager
> -------------------------------------------------------
>
> Key: YARN-5280
> URL: https://issues.apache.org/jira/browse/YARN-5280
> Project: Hadoop YARN
> Issue Type: New Feature
> Components: nodemanager, yarn
> Affects Versions: 2.6.4
> Reporter: Greg Phillips
> Assignee: Greg Phillips
> Priority: Minor
> Labels: oct16-medium
> Attachments: YARN-5280.001.patch, YARN-5280.002.patch,
> YARN-5280.003.patch, YARN-5280.004.patch, YARN-5280.patch,
> YARNContainerSandbox.pdf
>
>
> YARN applications have the ability to perform privileged actions which have
> the potential to add instability into the cluster. The Java Security Manager
> can be used to prevent users from running privileged actions while still
> allowing their core data processing use cases.
> Introduce a YARN flag which will allow a Hadoop administrator to enable the
> Java Security Manager for user code, while still providing complete
> permissions to core Hadoop libraries.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
