diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/native/container-executor/impl/utils/docker-util.c b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/native/container-executor/impl/utils/docker-util.c
index 860320d907d..e8e2b9e9aa4 100644
--- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/native/container-executor/impl/utils/docker-util.c
+++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/native/container-executor/impl/utils/docker-util.c
@@ -687,8 +687,9 @@ static int check_mount_permitted(const char **permitted_mounts, const char *requ
 }
 // directory check
 permitted_mount_len = strlen(permitted_mounts[i]);
- if (permitted_mount_len > 0
- && permitted_mounts[i][permitted_mount_len - 1] == '/') {
+ struct stat path_stat;
+ stat(permitted_mounts[i], &path_stat);
+ if(S_ISDIR(path_stat.st_mode)) {
 if (strncmp(normalized_path, permitted_mounts[i], permitted_mount_len) == 0) {
 ret = 1;
 break;
diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/native/container-executor/test/utils/test_docker_util.cc b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/native/container-executor/test/utils/test_docker_util.cc
index c627ca84e4f..f3ab40b92e1 100644
--- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/native/container-executor/test/utils/test_docker_util.cc
+++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/native/container-executor/test/utils/test_docker_util.cc
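Review bot: In docker-util.c the new directory test drops the trailing-slash requirement but keeps the bare `strncmp` prefix compare, so a permitted directory written as `/usr` would also match a sibling path that merely begins with those characters; the match should additionally require that the permitted entry ends in `/` or that `normalized_path[permitted_mount_len]` is `/` or `\0`. The return value of `stat()` is also ignored, so when the call fails `path_stat.st_mode` is read uninitialized and the permit decision depends on stack contents; a failed `stat()` should be treated as "not a directory". Both matter because this check decides which host paths may be mounted into a container. The function body starts and ends outside the hunk, so how `normalized_path` is produced is not visible here.

```c
// … unchanged: exact-match check and permitted_mount_len = strlen(...) …
struct stat path_stat;
// A failed stat() leaves path_stat unset: treat the entry as "not a directory".
if (permitted_mount_len > 0
    && stat(permitted_mounts[i], &path_stat) == 0
    && S_ISDIR(path_stat.st_mode)) {
  // Accept only matches that end on a path-component boundary.
  if (strncmp(normalized_path, permitted_mounts[i], permitted_mount_len) == 0
      && (permitted_mounts[i][permitted_mount_len - 1] == '/'
          || normalized_path[permitted_mount_len] == '/'
          || normalized_path[permitted_mount_len] == '\0')) {
    // … unchanged: ret = 1; break; …
```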
@@ -429,13 +429,17 @@ namespace ContainerExecutor {
 }
 TEST_F(TestDockerUtil, test_check_mount_permitted) {
- const char *permitted_mounts[] = {"/usr/", "/bin/ls", NULL};
+ const char *permitted_mounts[] = {"/usr", "/bin/ls", "/tmp/", NULL};
 std::vector > test_data;
 test_data.push_back(std::make_pair("/usr", 1));
 test_data.push_back(std::make_pair("/usr/", 1));
+ test_data.push_back(std::make_pair("/usr/bin", 1));
+ test_data.push_back(std::make_pair("/usr/bin/touch", 1));
 test_data.push_back(std::make_pair("/bin/ls", 1));
 test_data.push_back(std::make_pair("//bin/", 0));
- test_data.push_back(std::make_pair("/tmp/random-file", -1));
+ test_data.push_back(std::make_pair("/tmp", 1));
+ test_data.push_back(std::make_pair("/tmp/", 1));
+ test_data.push_back(std::make_pair("/bin/random-file", -1));
 std::vector >::const_iterator itr;
 for (itr = test_data.begin(); itr != test_data.end(); ++itr) {
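Review bot: None of the added cases in test_check_mount_permitted requests a path that only shares leading characters with a permitted directory without being beneath it, which is the case the switch from `"/usr/"` to `"/usr"` in `permitted_mounts` makes newly relevant. A negative case of that shape, expected to return 0, would pin the component-boundary behaviour; since `/bin/random-file` expects -1, requested paths apparently have to exist on the host, so it would need a fixture directory created by the test rather than a fixed system path. The positive cases also depend on the build machine's filesystem, which deserves a comment such as `// relies on host paths /usr/bin/touch and /tmp being present`. The test body continues past the end of the hunk.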