hadoop-yarn-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Eric Yang (JIRA)" <j...@apache.org>
Subject [jira] [Created] (YARN-8863) Define yarn node manager local dirs in container-executor.cfg
Date Tue, 09 Oct 2018 23:49:00 GMT
Eric Yang created YARN-8863:

             Summary: Define yarn node manager local dirs in container-executor.cfg
                 Key: YARN-8863
                 URL: https://issues.apache.org/jira/browse/YARN-8863
             Project: Hadoop YARN
          Issue Type: Improvement
          Components: security, yarn
            Reporter: Eric Yang

The current implementation of container-executor accepts nm-local-dirs and nm-log-dirs from
cli arguments.  If yarn user is compromised, it is possible for rogue yarn user to use container-executor
to point nm-local-dirs to user home directory to make modification to user owned files.  This
JIRA is to enhance container-executor.cfg to allow specification of yarn.nodemanager.local-dirs
to safe guard rogue yarn user from exploiting nm-local-dirs paths.

This message was sent by Atlassian JIRA

To unsubscribe, e-mail: yarn-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: yarn-issues-help@hadoop.apache.org

View raw message