[ https://issues.apache.org/jira/browse/HADOOP-15528?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16535409#comment-16535409 ]

Jason Lowe commented on HADOOP-15528:
-------------------------------------

Sorry for the delay in replying, as I recently got back from an extended 
vacation and am catching up on things.

bq. However, the new behavior is the symlink operation is executed by NM 
itself, which is executed as a child process under NM itself, it shares the 
same execution environment as NM.

This cannot work in a secure environment.  Well at least the one we have today 
on Linux with the native container executor.  In that secure environment the 
container is running as the user and therefore has access to things that the NM 
user does not.  The container working directory is one of those things.  
Normally the NM user has no need or reason to be able to see the contents of 
the container working directory nor be able to modify it.


> Deprecate ContainerLaunch#link by using FileUtil#SymLink
> --------------------------------------------------------
>
>                 Key: HADOOP-15528
>                 URL: https://issues.apache.org/jira/browse/HADOOP-15528
>             Project: Hadoop Common
>          Issue Type: Sub-task
>            Reporter: Giovanni Matteo Fumarola
>            Assignee: Giovanni Matteo Fumarola
>            Priority: Major
>         Attachments: HADOOP-15528-HADOOP-15461.v1.patch, 
> HADOOP-15528-HADOOP-15461.v2.patch, HADOOP-15528-HADOOP-15461.v3.patch
>
>
> {{ContainerLaunch}} currently uses its own utility to create links (including 
> winutils).
> This should be deprecated and rely on {{FileUtil#SymLink}} which is already 
> multi-platform and pure Java.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)