[
https://issues.apache.org/jira/browse/YARN-9117?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16723442#comment-16723442
]
Eric Yang commented on YARN-9117:
---------------------------------
[~billie.rinaldi] Please review patch 001. Thanks
> Container shell does not work when using
> yarn.nodemanager.linux-container-executor.nonsecure-mode.local-user is set
> -------------------------------------------------------------------------------------------------------------------
>
> Key: YARN-9117
> URL: https://issues.apache.org/jira/browse/YARN-9117
> Project: Hadoop YARN
> Issue Type: Sub-task
> Affects Versions: 3.3.0
> Reporter: Eric Yang
> Assignee: Eric Yang
> Priority: Major
> Attachments: YARN-9117.001.patch
>
>
> If YARN is configured with
> yarn.nodemanager.linux-container-executor.nonsecure-mode.local-user to
> restrict YARN workload to run as a specific user only. Container shell does
> not support this configuration because the workdir directory is owned by
> local-user. The container shell is intended to launch a bash process owned
> by the application owner. When bash process owner and current working
> directory are mismatched. The child process will terminate immediately due
> to no permission to WORKDIR. It is probably best to report this
> configuration as not supported rather than allowing application owner to gain
> all privileges of local-user.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
