[
https://issues.apache.org/jira/browse/YARN-9117?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Eric Yang updated YARN-9117:
----------------------------
Attachment: YARN-9117.001.patch
> Container shell does not work when using
> yarn.nodemanager.linux-container-executor.nonsecure-mode.local-user is set
> -------------------------------------------------------------------------------------------------------------------
>
> Key: YARN-9117
> URL: https://issues.apache.org/jira/browse/YARN-9117
> Project: Hadoop YARN
> Issue Type: Sub-task
> Affects Versions: 3.3.0
> Reporter: Eric Yang
> Priority: Major
> Attachments: YARN-9117.001.patch
>
>
> If YARN is configured with
> yarn.nodemanager.linux-container-executor.nonsecure-mode.local-user to
> restrict YARN workload to run as a specific user only. Container shell does
> not support this configuration because the workdir directory is owned by
> local-user. The container shell is intended to launch a bash process owned
> by the application owner. When bash process owner and current working
> directory are mismatched. The child process will terminate immediately due
> to no permission to WORKDIR. It is probably best to report this
> configuration as not supported rather than allowing application owner to gain
> all privileges of local-user.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: yarn-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: yarn-issues-h...@hadoop.apache.org
