Uploaded image for project: 'Hadoop YARN'
  1. Hadoop YARN
  2. YARN-6472

Improve Java sandbox regex

VotersWatch issueWatchersCreate sub-taskLinkCloneUpdate Comment AuthorReplace String in CommentUpdate Comment VisibilityDelete Comments
    XMLWordPrintableJSON

Details

    • Bug
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • None
    • 3.0.0-alpha4
    • None
    • None
    • Reviewed

    Description

      I set the sandbox to enforcing mode. Unfortunately I was able to break out of the sandbox running native code with the following command:

              cmd = "$JAVA_HOME/bin/java %s -Xmx825955249 org.apache.hadoop.yarn.applications.helloworld.HelloWorld `touch ../../helloworld`" + \
                    " 1><LOG_DIR>/AppMaster.stdout 2><LOG_DIR>/AppMaster.stderr"
      
      $ ls .../nm-local-dir/usercache/root/appcache/
      helloworld
      

      Also, if I am not using sandboxes, could we create the nm-sandbox-policies directory (empty) lazily?

      Attachments

        1. YARN-6472.001.patch
          7 kB
          Greg Phillips
        2. YARN-6472.002.patch
          7 kB
          Greg Phillips
        3. YARN-6472.003.patch
          7 kB
          Greg Phillips

        Activity

          This comment will be Viewable by All Users Viewable by All Users
          Cancel

          People

            gphillips Greg Phillips
            miklos.szegedi@cloudera.com Miklos Szegedi
            Votes:
            0 Vote for this issue
            Watchers:
            7 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Slack

                Issue deployment