Uploaded image for project: 'Hadoop YARN'
  1. Hadoop YARN
  2. YARN-3611 Support Docker Containers In LinuxContainerExecutor
  3. YARN-7353

Docker permitted volumes don't properly check for directories

    XMLWordPrintableJSON

Details

    • Sub-task
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • None
    • 2.9.0, 3.0.0
    • yarn

    Description

      docker-util.c:check_mount_permitted()
          // directory check
          permitted_mount_len = strlen(permitted_mounts[i]);
          if (permitted_mount_len > 0
              && permitted_mounts[i][permitted_mount_len - 1] == '/') {
            if (strncmp(normalized_path, permitted_mounts[i], permitted_mount_len) == 0) {
              ret = 1;
              break;
            }
          }
      

      This code will treat "/home/" as a directory, but not "/home"

      [  FAILED  ] 3 tests, listed below:
      [  FAILED  ] TestDockerUtil.test_check_mount_permitted
      [  FAILED  ] TestDockerUtil.test_normalize_mounts
      [  FAILED  ] TestDockerUtil.test_add_rw_mounts
      

      Additionally, YARN-6623 introduced new test failures in the C++ container-executor test "cetest"

      Attachments

        1. YARN-7353.003.patch
          24 kB
          Eric Badger
        2. YARN-7353.002.patch
          3 kB
          Eric Badger
        3. YARN-7353.001.patch
          1 kB
          Eric Badger

        Issue Links

          Activity

            People

              ebadger Eric Badger
              ebadger Eric Badger
              Votes:
              0 Vote for this issue
              Watchers:
              6 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: