Uploaded image for project: 'Hadoop YARN'
  1. Hadoop YARN
  2. YARN-8762 [Umbrella] Support Interactive Docker Shell to running Containers
  3. YARN-9117

Container shell does not work when using yarn.nodemanager.linux-container-executor.nonsecure-mode.local-user is set

VotersWatch issueWatchersLinkCloneUpdate Comment AuthorReplace String in CommentUpdate Comment VisibilityDelete Comments
    XMLWordPrintableJSON

Details

    • Sub-task
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • 3.3.0
    • 3.3.0
    • None
    • None

    Description

      If YARN is configured with yarn.nodemanager.linux-container-executor.nonsecure-mode.local-user to restrict YARN workload to run as a specific user only. Container shell does not support this configuration because the workdir directory is owned by local-user. The container shell is intended to launch a bash process owned by the application owner. When bash process owner and current working directory are mismatched. The child process will terminate immediately due to no permission to WORKDIR. It is probably best to report this configuration as not supported rather than allowing application owner to gain all privileges of local-user.

      Attachments

        1. YARN-9117.001.patch
          3 kB
          Eric Yang

        Activity

          This comment will be Viewable by All Users Viewable by All Users
          Cancel

          People

            eyang Eric Yang
            eyang Eric Yang
            Votes:
            0 Vote for this issue
            Watchers:
            5 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Slack

                Issue deployment