You are viewing a plain text version of this content. The canonical link for it is here.
Posted to yarn-issues@hadoop.apache.org by "Eric Yang (JIRA)" <ji...@apache.org> on 2018/10/09 23:49:00 UTC
[jira] [Created] (YARN-8863) Define yarn node manager local dirs in
container-executor.cfg
Eric Yang created YARN-8863:
-------------------------------
Summary: Define yarn node manager local dirs in container-executor.cfg
Key: YARN-8863
URL: https://issues.apache.org/jira/browse/YARN-8863
Project: Hadoop YARN
Issue Type: Improvement
Components: security, yarn
Reporter: Eric Yang
The current implementation of container-executor accepts nm-local-dirs and nm-log-dirs from cli arguments. If yarn user is compromised, it is possible for rogue yarn user to use container-executor to point nm-local-dirs to user home directory to make modification to user owned files. This JIRA is to enhance container-executor.cfg to allow specification of yarn.nodemanager.local-dirs to safe guard rogue yarn user from exploiting nm-local-dirs paths.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: yarn-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: yarn-issues-help@hadoop.apache.org