Uploaded image for project: 'Hadoop YARN'
  1. Hadoop YARN
  2. YARN-8863

Define yarn node manager local dirs in container-executor.cfg

    XMLWordPrintableJSON

Details

    • Improvement
    • Status: Open
    • Major
    • Resolution: Unresolved
    • None
    • None
    • security, yarn
    • None

    Description

      The current implementation of container-executor accepts nm-local-dirs and nm-log-dirs from cli arguments. If yarn user is compromised, it is possible for rogue yarn user to use container-executor to point nm-local-dirs to user home directory to make modification to user owned files. This JIRA is to enhance container-executor.cfg to allow specification of yarn.nodemanager.local-dirs to safe guard rogue yarn user from exploiting nm-local-dirs paths.

      Attachments

        Issue Links

          is related to

          Sub-task - The sub-task of the issue YARN-8569 Create an interface to provide cluster information to application

          • Major - Major loss of function.
          • Resolved

          Activity

            People

              Unassigned Unassigned
              eyang Eric Yang
              Votes:
              0 Vote for this issue
              Watchers:
              6 Start watching this issue

              Dates

                Created:
                Updated: