[
https://issues.apache.org/jira/browse/YARN-1972?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14018583#comment-14018583
]
Remus Rusanu commented on YARN-1972:
------------------------------------
Tracked this down to {code}LocalizerRunner.run(){code}:
{code}
exec.startLocalizer(nmPrivateCTokensPath, localizationServerAddress,
context.getUser(),
ConverterUtils.toString(
context.getContainerId().
getApplicationAttemptId().getApplicationId()),
{code}
Notice the use of application id, not attempt id when launching the localizer.
I will change this to attempt id to eliminate the possibility of duplicates.
> Implement secure Windows Container Executor
> -------------------------------------------
>
> Key: YARN-1972
> URL: https://issues.apache.org/jira/browse/YARN-1972
> Project: Hadoop YARN
> Issue Type: Improvement
> Components: nodemanager
> Reporter: Remus Rusanu
> Assignee: Remus Rusanu
> Labels: security, windows
> Attachments: YARN-1972.1.patch
>
>
> This work item represents the Java side changes required to implement a
> secure windows container executor, based on the YARN-1063 changes on
> native/winutils side.
> Necessary changes include leveraging the winutils task createas to launch the
> container process as the required user and a secure localizer (launch
> localization as a separate process running as the container user).
--
This message was sent by Atlassian JIRA
(v6.2#6252)
