Chris Trezzo created YARN-5727:
----------------------------------
Summary: Improve YARN shared cache support for LinuxContainerExecutor
Key: YARN-5727
URL: https://issues.apache.org/jira/browse/YARN-5727
Project: Hadoop YARN
Issue Type: Bug
Reporter: Chris Trezzo
Assignee: Chris Trezzo
When running LinuxContainerExecutor in a secure mode
({{yarn.nodemanager.linux-container-executor.nonsecure-mode.limit-users}} set
to {{false}}), all localized files are owned by the user that owns the
container which localized the resource. This presents a problem for the shared
cache when a YARN application requests a resource to be uploaded to the shared
cache that has a non-public visibility. The shared cache uploader (running as
the node manager user) does not have access to the localized files and cannot
compute the checksum of the file or upload it to the cache. In this document we
will discuss various solutions to this problem, all of which should ideally
satisfy the following three requirements:
# Localized files should still be safe/secure. Other users that run containers
should not be able to modify or delete the publicly localized files of others.
# The node manager user should be able to access these files for the purpose of
checksumming and uploading to the shared cache without being a privileged user.
# The solution should avoid making unnecessary copies of the localized files.
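The access problem and the first two requirements above can be checked mechanically against a candidate ownership and mode layout; the following is an added example, not code from the issue or from Hadoop. The account names (`yarn`, `alice`, `bob`), the `hadoop` group and the four layouts are constructed assumptions, and the model covers plain POSIX owner/group/other bits only (no ACLs, sticky bit or privileged users).

```python
from dataclasses import dataclass

READ, WRITE, SEARCH = 4, 2, 1

@dataclass(frozen=True)
class Node:          # one directory or file on the path to a localized resource
    owner: str
    group: str
    mode: int        # permission bits, e.g. 0o640

@dataclass(frozen=True)
class User:
    name: str
    groups: frozenset

def allowed(user, node, want):
    # POSIX selects exactly one class: owner, else group, else other.
    if user.name == node.owner:
        bits = node.mode >> 6
    elif node.group in user.groups:
        bits = node.mode >> 3
    else:
        bits = node.mode
    return (bits & want) == want

def can_read(user, path):
    # Reading needs search permission on every directory and read on the file.
    *dirs, leaf = path
    return all(allowed(user, d, SEARCH) for d in dirs) and allowed(user, leaf, READ)

def can_tamper(user, path):
    # Modify = write on the file; delete = write on its parent directory.
    *dirs, leaf = path
    reachable = all(allowed(user, d, SEARCH) for d in dirs)
    return reachable and (allowed(user, leaf, WRITE) or allowed(user, dirs[-1], WRITE))

def evaluate(path, nm_user, other_user):
    return {"req1_others_cannot_tamper": not can_tamper(other_user, path),
            "req2_nm_can_read": can_read(nm_user, path)}

# Constructed accounts and layouts (assumptions, not values from the issue).
NM = User("yarn", frozenset({"hadoop"}))     # node manager user
BOB = User("bob", frozenset({"bob"}))        # another user running containers
OWNER_ONLY = [Node("alice", "alice", 0o700), Node("alice", "alice", 0o600)]
GROUP_FILE_ONLY = [Node("alice", "alice", 0o700), Node("alice", "hadoop", 0o640)]
GROUP_PATH = [Node("alice", "hadoop", 0o750), Node("alice", "hadoop", 0o640)]
WORLD_WRITABLE_DIR = [Node("alice", "hadoop", 0o777), Node("alice", "hadoop", 0o640)]

if __name__ == "__main__":
    for name in ("OWNER_ONLY", "GROUP_FILE_ONLY", "GROUP_PATH", "WORLD_WRITABLE_DIR"):
        print(name, evaluate(globals()[name], NM, BOB))
```

`OWNER_ONLY` reproduces the situation described in the issue: the file is safe from other users, but the node manager user cannot read it. `GROUP_FILE_ONLY` shows that relaxing the file mode alone is not enough when a parent directory still blocks traversal.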