[ 
https://issues.apache.org/jira/browse/YARN-6060?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15805324#comment-15805324
 ] 

Allen Wittenauer commented on YARN-6060:
----------------------------------------

bq.  though in an all-Java environment, it's something an admin could get away 
with (barring this issue)

... except Hadoop isn't an all-Java environment, server or client-side.  This 
will break streaming, native code, probably parts of anything that calls 
Shell.java,  libhadoop.so if it happens to be mounted on the same dir, probably 
hadoop archives-logs, etc, etc.  There's also leveldbjni's wacky behavior if 
that code is enabled. Let's not forget native MR too.

Really: configuring noexec is a very bad idea on a piece of software whose 
sole job is to be an execution engine.  It will result in all sorts of weird 
and mysterious failures.  It's definitely never been tested and certainly not a 
supported configuration.

bq. First, it allows path manipulation to replace bash with something nefarious.

We have this problem all over the place.  But we should strive to remove them.  
I was thinking yesterday that we should fail daemon startup if . is in the path.

bq.  Second, it assumes the shell is bash. 

That's a safe assumption; all of Hadoop's shell code is written specifically 
for bash v3 and v4.  I think it's listed in the pre-reqs.  If it's not, it 
should be.

> Linux container executor fails to run container on directories mounted as 
> noexec
> --------------------------------------------------------------------------------
>
>                 Key: YARN-6060
>                 URL: https://issues.apache.org/jira/browse/YARN-6060
>             Project: Hadoop YARN
>          Issue Type: Improvement
>          Components: nodemanager, yarn
>            Reporter: Miklos Szegedi
>            Assignee: Miklos Szegedi
>         Attachments: YARN-6060.000.patch
>
>
> If node manager directories are mounted as noexec, LCE fails with the 
> following error:
> Launching container...
> Couldn't execute the container launch file 
> /tmp/hadoop-<user>/nm-local-dir/usercache/<user>/appcache/application_1483656052575_0001/container_1483656052575_0001_02_000001/launch_container.sh
>  - Permission denied



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
