commit 0bb9de822a47cf375a8277111d6f19c4ad2020b7 Author: Eric Yang Date: Fri Nov 3 18:46:20 2017 -0400 YARN-7430. Default user and group remapping to true to prevent privileges escalation. diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-api/src/main/java/org/apache/hadoop/yarn/conf/YarnConfiguration.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-api/src/main/java/org/apache/hadoop/yarn/conf/YarnConfiguration.java index 640e86e..dc3c54e 100644 --- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-api/src/main/java/org/apache/hadoop/yarn/conf/YarnConfiguration.java +++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-api/src/main/java/org/apache/hadoop/yarn/conf/YarnConfiguration.java @@ -1733,7 +1733,7 @@ public static boolean isAclEnabled(Configuration conf) { DOCKER_CONTAINER_RUNTIME_PREFIX + "enable-userremapping.allowed"; /** Set enable user remapping as false by default. */ - public static final boolean DEFAULT_NM_DOCKER_ENABLE_USER_REMAPPING = false; + public static final boolean DEFAULT_NM_DOCKER_ENABLE_USER_REMAPPING = true; /** lower limit for acceptable uids of user remapped user. */ public static final String NM_DOCKER_USER_REMAPPING_UID_THRESHOLD =