[
https://issues.apache.org/jira/browse/YARN-11165?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18037305#comment-18037305
]
ASF GitHub Bot commented on YARN-11165:
---------------------------------------
github-actions[bot] commented on PR #4361:
URL: https://github.com/apache/hadoop/pull/4361#issuecomment-3514459882
We're closing this stale PR because it has been open for 100 days with no
activity. This isn't a judgement on the merit of the PR in any way. It's just a
way of keeping the PR queue manageable.
If you feel like this was a mistake, or you would like to continue working
on it, please feel free to re-open it and ask for a committer to remove the
stale tag and review again.
Thanks all for your contribution.
> JavaSandboxLinuxContainerRuntime will not read default java.policy when no
> group policy is set
> ----------------------------------------------------------------------------------------------
>
> Key: YARN-11165
> URL: https://issues.apache.org/jira/browse/YARN-11165
> Project: Hadoop YARN
> Issue Type: Bug
> Components: nodemanager
> Affects Versions: 3.3.3
> Reporter: Brandon Li
> Priority: Minor
> Labels: pull-request-available
> Time Spent: 20m
> Remaining Estimate: 0h
>
> When JavaSandboxLinuxContainerRuntime is used, we can specify
> yarn.nodemanager.runtime.linux.sandbox-mode.policy to use self-provided
> java.policy file. When this setting is not specified,
> JavaSandboxLinuxContainerRuntime will use the default java.policy file.
>
> However, when user belongs to a group (or more groups), and
> yarn.nodemanager.runtime.linux.sandbox-mode.policy.group.$groupName setting
> is not specified, JavaSandboxLinuxContainerRuntime still skips the default
> java.policy file, resulting in a final policy which looks like this:
> {code:java}
> grant codeBase "file:/usr/local/hadoop/-" {
> permission java.security.AllPermission;
> };
> grant {
> permission java.io.FilePermission
> "/tmp/hadoop-yarn/nm-local-dir/usercache/yarn/appcache/application_1653546011283_0006//-",
> "read";
> permission java.io.FilePermission
> "/tmp/hadoop-yarn/nm-local-dir/usercache/yarn/appcache/application_1653546011283_0006/filecache/13/-",
> "read";
> permission java.io.FilePermission
> "/tmp/hadoop-yarn/nm-local-dir/usercache/yarn/appcache/application_1653546011283_0006/filecache/11/-",
> "read";
> permission java.io.FilePermission
> "/tmp/hadoop-yarn/nm-local-dir/usercache/yarn/appcache/application_1653546011283_0006/filecache/12/-",
> "read";
> permission java.io.FilePermission
> "/tmp/hadoop-yarn/nm-local-dir/usercache/yarn/appcache/application_1653546011283_0006/filecache/10/-",
> "read";
> }; {code}
> which will cause problem running applications.
>
> A PR will be provided if this is identified as a bug.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
