Ravi Prakash commented on YARN-2424:

Hi Tucu! Thanks for your comment. There is currently capability to blacklist / 
whitelist users in the container-executor.cfg file. Given this capability, do 
you think in a properly configured cluster, yarn tasks launching as different 
users could create problems? This is with the assumption that most clusters do 
not have NFS mounts on the slave nodes.

As an aside I think it would be good to add a blacklist + whitelist for groups 
as well.

> LCE should support non-cgroups, non-secure mode
> -----------------------------------------------
>                 Key: YARN-2424
>                 URL: https://issues.apache.org/jira/browse/YARN-2424
>             Project: Hadoop YARN
>          Issue Type: Bug
>          Components: nodemanager
>    Affects Versions: 2.3.0, 2.4.0, 2.5.0, 2.4.1
>            Reporter: Allen Wittenauer
>            Priority: Blocker
>         Attachments: YARN-2424.patch
> After YARN-1253, LCE no longer works for non-secure, non-cgroup scenarios.  
> This is a fairly serious regression, as turning on LCE prior to turning on 
> full-blown security is a fairly standard procedure.

This message was sent by Atlassian JIRA

Reply via email to