[YARN-6472] Improve Java sandbox regex - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 3.0.0-alpha4
Component/s: None
Labels:
None

Hadoop Flags:

Reviewed

Description

I set the sandbox to enforcing mode. Unfortunately I was able to break out of the sandbox running native code with the following command:

        cmd = "$JAVA_HOME/bin/java %s -Xmx825955249 org.apache.hadoop.yarn.applications.helloworld.HelloWorld `touch ../../helloworld`" + \
              " 1><LOG_DIR>/AppMaster.stdout 2><LOG_DIR>/AppMaster.stderr"

$ ls .../nm-local-dir/usercache/root/appcache/
helloworld

Also, if I am not using sandboxes, could we create the nm-sandbox-policies directory (empty) lazily?

Attachments

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

YARN-6472.001.patch
12/Apr/17 20:02
7 kB
Greg Phillips
YARN-6472.002.patch
12/Apr/17 23:28
7 kB
Greg Phillips
YARN-6472.003.patch
27/Apr/17 15:23
7 kB
Greg Phillips

Activity

People

Assignee:: Greg Phillips

Reporter:: Miklos Szegedi

Votes:: 0 Vote for this issue

Watchers:: 7 Start watching this issue

Dates

Created:: 12/Apr/17 15:01

Updated:: 28/Apr/17 18:36

Resolved:: 28/Apr/17 18:02