Uploaded image for project: 'Hadoop YARN'
  1. Hadoop YARN
  2. YARN-8762 [Umbrella] Support Interactive Docker Shell to running Containers
  3. YARN-9117

Container shell does not work when using yarn.nodemanager.linux-container-executor.nonsecure-mode.local-user is set

    XMLWordPrintableJSON

    Details

    • Type: Sub-task
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 3.3.0
    • Fix Version/s: 3.3.0
    • Component/s: None
    • Labels:
      None
    • Target Version/s:

      Description

      If YARN is configured with yarn.nodemanager.linux-container-executor.nonsecure-mode.local-user to restrict YARN workload to run as a specific user only. Container shell does not support this configuration because the workdir directory is owned by local-user. The container shell is intended to launch a bash process owned by the application owner. When bash process owner and current working directory are mismatched. The child process will terminate immediately due to no permission to WORKDIR. It is probably best to report this configuration as not supported rather than allowing application owner to gain all privileges of local-user.

        Attachments

        1. YARN-9117.001.patch
          3 kB
          Eric Yang

          Activity

            People

            • Assignee:
              eyang Eric Yang
              Reporter:
              eyang Eric Yang
            • Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: