[ https://issues.apache.org/jira/browse/YARN-5727?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16862605#comment-16862605 ]
Hadoop QA commented on YARN-5727: --------------------------------- | (x) *{color:red}-1 overall{color}* | \\ \\ || Vote || Subsystem || Runtime || Comment || | {color:blue}0{color} | {color:blue} reexec {color} | {color:blue} 0m 0s{color} | {color:blue} Docker mode activated. {color} | | {color:red}-1{color} | {color:red} patch {color} | {color:red} 0m 6s{color} | {color:red} YARN-5727 does not apply to trunk. Rebase required? Wrong Branch? See https://wiki.apache.org/hadoop/HowToContribute for help. {color} | \\ \\ || Subsystem || Report/Notes || | JIRA Issue | YARN-5727 | | Console output | https://builds.apache.org/job/PreCommit-YARN-Build/24263/console | | Powered by | Apache Yetus 0.8.0 http://yetus.apache.org | This message was automatically generated. > Improve YARN shared cache support for LinuxContainerExecutor > ------------------------------------------------------------ > > Key: YARN-5727 > URL: https://issues.apache.org/jira/browse/YARN-5727 > Project: Hadoop YARN > Issue Type: Sub-task > Reporter: Chris Trezzo > Assignee: zhenzhao wang > Priority: Major > Attachments: YARN-5727-Design-v1.pdf, YARN-5727-Design-v2.pdf, > YARN-5727.001.patch > > > When running LinuxContainerExecutor in a secure mode > ({{yarn.nodemanager.linux-container-executor.nonsecure-mode.limit-users}} set > to {{false}}), all localized files are owned by the user that owns the > container which localized the resource. This presents a problem for the > shared cache when a YARN application requests a resource to be uploaded to > the shared cache that has a non-public visibility. The shared cache uploader > (running as the node manager user) does not have access to the localized > files and can not compute the checksum of the file or upload it to the cache. > The solution should ideally satisfy the following three requirements: > # Localized files should still be safe/secure. Other users that run > containers should not be able to modify, or delete the publicly localized > files of others. > # The node manager user should be able to access these files for the purpose > of checksumming and uploading to the shared cache without being a privileged > user. > # The solution should avoid making unnecessary copies of the localized files. -- This message was sent by Atlassian JIRA (v7.6.3#76005) --------------------------------------------------------------------- To unsubscribe, e-mail: yarn-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: yarn-issues-h...@hadoop.apache.org