[ https://issues.apache.org/jira/browse/YARN-882?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Omkar Vinit Joshi updated YARN-882:
-----------------------------------

    Description: 
At present there is no limit on the number of files / size of the files 
localized by a single user. Similarly there is no limit on the size of the log 
files created by a user via running containers.

We need to restrict the user for this.
For LocalizedResources, this has serious concerns in the case of a secured 
environment where a malicious user can start one container and localize resources 
whose total size >= DEFAULT_NM_LOCALIZER_CACHE_TARGET_SIZE_MB. Thereafter it 
will either fail (if no extra space is present on disk) or the deletion service 
will keep removing localized files for other containers/applications. 
The limit for logs/localized resources should be decided by the RM and sent to the NM 
via a secured containerToken. All these configurations should be per container 
instead of per user or per NM.

  was:
At present there is no limit on the number of files / size of the files 
localized by a single user. Similarly there is no limit on the size of the log 
files created by a user via running containers.
We need to restrict the user for this. For LocalizedResources, this has serious 
concerns in the case of a secured environment where a malicious user can start one 
container and localize resources whose total size >= 
DEFAULT_NM_LOCALIZER_CACHE_TARGET_SIZE_MB. Thereafter it will either fail (if 
no extra space is present on disk) or the deletion service will keep removing 
localized files for other containers/applications. 
The limit for logs/localized resource should be decided by the RM and sent to the NM 
via a secured containerToken. All these configurations should be per container 
instead of per user or per NM.

    
> Specify per user quota for private/application cache and user log files
> -----------------------------------------------------------------------
>
>                 Key: YARN-882
>                 URL: https://issues.apache.org/jira/browse/YARN-882
>             Project: Hadoop YARN
>          Issue Type: Bug
>            Reporter: Omkar Vinit Joshi
>            Assignee: Omkar Vinit Joshi
>
> At present there is no limit on the number of files / size of the files 
> localized by a single user. Similarly there is no limit on the size of the log 
> files created by a user via running containers.
> We need to restrict the user for this.
> For LocalizedResources, this has serious concerns in the case of a secured 
> environment where a malicious user can start one container and localize 
> resources whose total size >= DEFAULT_NM_LOCALIZER_CACHE_TARGET_SIZE_MB. 
> Thereafter it will either fail (if no extra space is present on disk) or 
> the deletion service will keep removing localized files for other 
> containers/applications. 
> The limit for logs/localized resources should be decided by the RM and sent to the NM 
> via a secured containerToken. All these configurations should be per container 
> instead of per user or per NM.
