[
https://issues.apache.org/jira/browse/YARN-6060?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15806155#comment-15806155
]
Allen Wittenauer commented on YARN-6060:
----------------------------------------
{code}
+#ifdef __linux
{code}
This looks like a vendor-ism creeping in. Various contributors do test and use
more than just Linux. (and yes, lce works just fine on them.)
I'm assuming that people are setting noexec from some false sense of security.
It's pure theatrics to say that noexec provides any sort of protection to a
system like Hadoop. Lots of ways around this, never mind that Java itself is
perfectly capable (albeit usually in crappy ways) to do just as much harm as
anything else.
At this point, I don't think this patch should go in simply because it sends
the wrong message, isn't particularly useful, and opens up a huge hole on
misconfigured systems.
> Linux container executor fails to run container on directories mounted as
> noexec
> --------------------------------------------------------------------------------
>
> Key: YARN-6060
> URL: https://issues.apache.org/jira/browse/YARN-6060
> Project: Hadoop YARN
> Issue Type: Improvement
> Components: nodemanager, yarn
> Reporter: Miklos Szegedi
> Assignee: Miklos Szegedi
> Attachments: YARN-6060.000.patch, YARN-6060.001.patch
>
>
> If node manager directories are mounted as noexec, LCE fails with the
> following error:
> Launching container...
> Couldn't execute the container launch file
> /tmp/hadoop-<user>/nm-local-dir/usercache/<user>/appcache/application_1483656052575_0001/container_1483656052575_0001_02_000001/launch_container.sh
> - Permission denied
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
