[
https://issues.apache.org/jira/browse/YARN-6623?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16193974#comment-16193974
]
Eric Yang commented on YARN-6623:
---------------------------------
[~ebadger] In some secure environment, I have seen that container-executor.cfg
is set to non-world readable because the administrator doesn't want people to
know about the allowed and bannded users on the cluster. Another possibility
is the default umask are set to 027, when admin generates
container-executor.cfg via Ambari. it is often set to world non-readable for
secure environment.
> Add support to turn off launching privileged containers in the
> container-executor
> ---------------------------------------------------------------------------------
>
> Key: YARN-6623
> URL: https://issues.apache.org/jira/browse/YARN-6623
> Project: Hadoop YARN
> Issue Type: Sub-task
> Components: nodemanager
> Reporter: Varun Vasudev
> Assignee: Varun Vasudev
> Priority: Blocker
> Fix For: 3.0.0
>
> Attachments: YARN-6623.001.patch, YARN-6623.002.patch,
> YARN-6623.003.patch, YARN-6623.004.patch, YARN-6623.005.patch,
> YARN-6623.006.patch, YARN-6623.007.patch, YARN-6623.008.patch,
> YARN-6623.009.patch, YARN-6623.010.patch, YARN-6623.011.patch,
> YARN-6623.012.patch, YARN-6623.013.patch
>
>
> Currently, launching privileged containers is controlled by the NM. We should
> add a flag to the container-executor.cfg allowing admins to disable launching
> privileged containers at the container-executor level.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
