hadoop-yarn-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Eric Yang (JIRA)" <j...@apache.org>
Subject [jira] [Created] (YARN-8863) Define yarn node manager local dirs in container-executor.cfg
Date Tue, 09 Oct 2018 23:49:00 GMT
Eric Yang created YARN-8863:
-------------------------------

             Summary: Define yarn node manager local dirs in container-executor.cfg
                 Key: YARN-8863
                 URL: https://issues.apache.org/jira/browse/YARN-8863
             Project: Hadoop YARN
          Issue Type: Improvement
          Components: security, yarn
            Reporter: Eric Yang


The current implementation of container-executor accepts nm-local-dirs and nm-log-dirs from
cli arguments.  If yarn user is compromised, it is possible for rogue yarn user to use container-executor
to point nm-local-dirs to user home directory to make modification to user owned files.  This
JIRA is to enhance container-executor.cfg to allow specification of yarn.nodemanager.local-dirs
to safe guard rogue yarn user from exploiting nm-local-dirs paths.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: yarn-dev-unsubscribe@hadoop.apache.org
For additional commands, e-mail: yarn-dev-help@hadoop.apache.org


Mime
View raw message