[ https://issues.apache.org/jira/browse/YARN-5280?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15673999#comment-15673999 ]
Varun Vasudev commented on YARN-5280: ------------------------------------- {quote} The difficulty arises when moving the functionality from prepareContainer to launchContainer. In particular I need to modify the actual java run command instead of the container launch command. The only way I have found to modify the run command found within the launch_container.sh is through the LinuxContainerExecutor#writeLaunchEnv. A method which links the LinuxContainerExecutor with the ContainerRuntime prior to the environment being written seems necessary for this feature. I am very interested in your thoughts on this matter. {quote} Ah you're correct. I missed this. How about we add a new method called prepareContainer in the ContainerExecutor base class which does nothing by default and override it in the LinuxContainerExecutor class to call the runtime's prepareContainer method? We can call this method before we call writeLaunchEnv. That should solve your requirement, correct? > Allow YARN containers to run with Java Security Manager > ------------------------------------------------------- > > Key: YARN-5280 > URL: https://issues.apache.org/jira/browse/YARN-5280 > Project: Hadoop YARN > Issue Type: New Feature > Components: nodemanager, yarn > Affects Versions: 2.6.4 > Reporter: Greg Phillips > Assignee: Greg Phillips > Priority: Minor > Labels: oct16-medium > Attachments: YARN-5280.001.patch, YARN-5280.002.patch, > YARN-5280.003.patch, YARN-5280.004.patch, YARN-5280.patch, > YARNContainerSandbox.pdf > > > YARN applications have the ability to perform privileged actions which have > the potential to add instability into the cluster. The Java Security Manager > can be used to prevent users from running privileged actions while still > allowing their core data processing use cases. > Introduce a YARN flag which will allow a Hadoop administrator to enable the > Java Security Manager for user code, while still providing complete > permissions to core Hadoop libraries. -- This message was sent by Atlassian JIRA (v6.3.4#6332) --------------------------------------------------------------------- To unsubscribe, e-mail: yarn-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: yarn-issues-h...@hadoop.apache.org