[
https://issues.apache.org/jira/browse/YARN-5727?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Chris Trezzo reassigned YARN-5727:
----------------------------------
Assignee: (was: Chris Trezzo)
> Improve YARN shared cache support for LinuxContainerExecutor
> ------------------------------------------------------------
>
> Key: YARN-5727
> URL: https://issues.apache.org/jira/browse/YARN-5727
> Project: Hadoop YARN
> Issue Type: Sub-task
> Reporter: Chris Trezzo
> Attachments: YARN-5727-Design-v1.pdf
>
>
> When running LinuxContainerExecutor in a secure mode
> ({{yarn.nodemanager.linux-container-executor.nonsecure-mode.limit-users}} set
> to {{false}}), all localized files are owned by the user that owns the
> container which localized the resource. This presents a problem for the
> shared cache when a YARN application requests a resource to be uploaded to
> the shared cache that has a non-public visibility. The shared cache uploader
> (running as the node manager user) does not have access to the localized
> files and can not compute the checksum of the file or upload it to the cache.
> The solution should ideally satisfy the following three requirements:
> # Localized files should still be safe/secure. Other users that run
> containers should not be able to modify, or delete the publicly localized
> files of others.
> # The node manager user should be able to access these files for the purpose
> of checksumming and uploading to the shared cache without being a privileged
> user.
> # The solution should avoid making unnecessary copies of the localized files.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
