[jira] [Updated] (YARN-9117) Container shell does not work when using yarn.nodemanager.linux-container-executor.nonsecure-mode.local-user is set

[Eric Yang (JIRA)]

     [ 
https://issues.apache.org/jira/browse/YARN-9117?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Eric Yang updated YARN-9117:
----------------------------
    Summary: Container shell does not work when using 
yarn.nodemanager.linux-container-executor.nonsecure-mode.local-user is set  
(was: Container shell does not work when using 
yarn.nodemanager.linux-container-executor.nonsecure-mode.local-user setting)

> Container shell does not work when using 
> yarn.nodemanager.linux-container-executor.nonsecure-mode.local-user is set
> -------------------------------------------------------------------------------------------------------------------
>
>                 Key: YARN-9117
>                 URL: https://issues.apache.org/jira/browse/YARN-9117
>             Project: Hadoop YARN
>          Issue Type: Sub-task
>    Affects Versions: 3.3.0
>            Reporter: Eric Yang
>            Priority: Major
>
> If YARN is configured with 
> yarn.nodemanager.linux-container-executor.nonsecure-mode.local-user to 
> restrict YARN workload to run as a specific user only.  Container shell does 
> not support this configuration because the workdir directory is owned by 
> local-user.  The container shell is intended to launch a bash process owned 
> by the application owner.  When bash process owner and current working 
> directory are mismatched.  The child process will terminate immediately.  It 
> is probably best to report this configuration as not supported rather than 
> allowing application owner to gain all privileges of local-user.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: yarn-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: yarn-issues-h...@hadoop.apache.org