You are viewing a plain text version of this content. The canonical link for it is here.

Posted to yarn-issues@hadoop.apache.org by "Eric Yang (JIRA)" <ji...@apache.org> on 2018/10/09 23:49:00 UTC

[jira] [Created] (YARN-8863) Define yarn node manager local dirs in container-executor.cfg

Eric Yang created YARN-8863:
-------------------------------

             Summary: Define yarn node manager local dirs in container-executor.cfg
                 Key: YARN-8863
                 URL: https://issues.apache.org/jira/browse/YARN-8863
             Project: Hadoop YARN
          Issue Type: Improvement
          Components: security, yarn
            Reporter: Eric Yang


The current implementation of container-executor accepts nm-local-dirs and nm-log-dirs from cli arguments.  If yarn user is compromised, it is possible for rogue yarn user to use container-executor to point nm-local-dirs to user home directory to make modification to user owned files.  This JIRA is to enhance container-executor.cfg to allow specification of yarn.nodemanager.local-dirs to safe guard rogue yarn user from exploiting nm-local-dirs paths.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: yarn-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: yarn-issues-help@hadoop.apache.org