  1. Hadoop YARN
  2. YARN-2198 Remove the need to run NodeManager as privileged account for Windows Secure Container Executor
  3. YARN-2553

Windows Secure Container Executor: assign PROCESS_TERMINATE privilege to NM on created containers


Details

    • Sub-task
    • Status: Resolved
    • Major
    • Resolution: Not A Problem
    • nodemanager

    Description

      In order to open a job handle with JOB_OBJECT_TERMINATE access, the caller must have PROCESS_TERMINATE access on the handle of each process in the job (MSDN: http://msdn.microsoft.com/en-us/library/windows/desktop/ms686709(v=vs.85).aspx).

      The hadoopwinutilsvc process should explicitly grant PROCESS_TERMINATE access to the NM account on the newly started container process. I hope this gets inherited...


          People

            rusanu Remus Rusanu