Details
-
Bug
-
Status: Resolved
-
Major
-
Resolution: Fixed
-
None
-
None
-
None
-
Reviewed
Description
I set the sandbox to enforcing mode. Unfortunately I was able to break out of the sandbox running native code with the following command:
cmd = "$JAVA_HOME/bin/java %s -Xmx825955249 org.apache.hadoop.yarn.applications.helloworld.HelloWorld `touch ../../helloworld`" + \ " 1><LOG_DIR>/AppMaster.stdout 2><LOG_DIR>/AppMaster.stderr" $ ls .../nm-local-dir/usercache/root/appcache/ helloworld
Also, if I am not using sandboxes, could we create the nm-sandbox-policies directory (empty) lazily?