[ https://issues.apache.org/jira/browse/YARN-6060?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15806409#comment-15806409 ]
Allen Wittenauer commented on YARN-6060: ---------------------------------------- This is basically the point that [~templedf] was making: if yarn's PATH contains a place where files can be written, it's very easy to get root (since c-e will inherit it) to execute any program called 'bash'. > Linux container executor fails to run container on directories mounted as > noexec > -------------------------------------------------------------------------------- > > Key: YARN-6060 > URL: https://issues.apache.org/jira/browse/YARN-6060 > Project: Hadoop YARN > Issue Type: Improvement > Components: nodemanager, yarn > Reporter: Miklos Szegedi > Assignee: Miklos Szegedi > Attachments: YARN-6060.000.patch, YARN-6060.001.patch > > > If node manager directories are mounted as noexec, LCE fails with the > following error: > Launching container... > Couldn't execute the container launch file > /tmp/hadoop-<user>/nm-local-dir/usercache/<user>/appcache/application_1483656052575_0001/container_1483656052575_0001_02_000001/launch_container.sh > - Permission denied -- This message was sent by Atlassian JIRA (v6.3.4#6332) --------------------------------------------------------------------- To unsubscribe, e-mail: yarn-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: yarn-issues-h...@hadoop.apache.org