diff --git hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/native/container-executor/impl/container-executor.c hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/native/container-executor/impl/container-executor.c
index 28a924a6a3b..b5ea5c46289 100644
--- hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/native/container-executor/impl/container-executor.c
+++ hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/native/container-executor/impl/container-executor.c
@@ -199,10 +199,12 @@ static int change_effective_user(uid_t user, gid_t group) {
 * cgroup_file: Path to cgroup file where pid needs to be written to.
 */
 static int write_pid_to_cgroup_as_root(const char* cgroup_file, pid_t pid) {
+ int rc = 0;
 uid_t user = geteuid();
 gid_t group = getegid();
 if (change_effective_user(0, 0) != 0) {
- return -1;
+ rc = -1;
+ goto cleanup;
 }
 // open
@@ -210,7 +212,8 @@ static int write_pid_to_cgroup_as_root(const char* cgroup_file, pid_t pid) {
 if (cgroup_fd == -1) {
 fprintf(LOGFILE, "Can't open file %s as node manager - %s\n", cgroup_file, strerror(errno));
- return -1;
+ rc = -1;
+ goto cleanup;
 }
 // write pid
@@ -221,15 +224,17 @@ static int write_pid_to_cgroup_as_root(const char* cgroup_file, pid_t pid) {
 if (written == -1) {
 fprintf(LOGFILE, "Failed to write pid to file %s - %s\n", cgroup_file, strerror(errno));
- return -1;
+ rc = -1;
+ goto cleanup;
 }
+cleanup:
 // Revert back to the calling user.
 if (change_effective_user(user, group)) {
- return -1;
+ rc = -1;
 }
- return 0;
+ return rc;
 }
 #endif
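Review bot: At the `cleanup:` label in write_pid_to_cgroup_as_root, a failed `change_effective_user(user, group)` only sets `rc = -1`, so a process that could not drop back from effective uid 0 returns the same value as an ordinary open or write failure. Callers cannot tell the two cases apart, and nothing visible in these hunks stops them from carrying on with root's effective ids. I would state the contract in a comment on the revert, e.g. `// A failure here can leave the process with euid 0; callers must treat -1 as fatal.`, and confirm that each call site exits on -1. The same pattern appears at the `cleanup:` labels of write_pid_to_file_as_nm and write_exit_code_file_as_nm, where the ids left in place would presumably be the node manager's.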
@@ -238,15 +243,18 @@ static int write_pid_to_cgroup_as_root(const char* cgroup_file, pid_t pid) {
 * pid_file: Path to pid file where pid needs to be written to
 */
 static int write_pid_to_file_as_nm(const char* pid_file, pid_t pid) {
+ char *temp_pid_file = NULL;
+ int rc = 0;
 uid_t user = geteuid();
 gid_t group = getegid();
 if (change_effective_user(nm_uid, nm_gid) != 0) {
 fprintf(ERRORFILE, "Could not change to effective users %d, %d\n", nm_uid, nm_gid);
 fflush(ERRORFILE);
- return -1;
+ rc = -1;
+ goto cleanup;
 }
- char *temp_pid_file = concatenate("%s.tmp", "pid_file_path", 1, pid_file);
+ temp_pid_file = concatenate("%s.tmp", "pid_file_path", 1, pid_file);
 fprintf(LOGFILE, "Writing to tmp file %s\n", temp_pid_file);
 fflush(LOGFILE);
 // create with 700
@@ -255,8 +263,8 @@ static int write_pid_to_file_as_nm(const char* pid_file, pid_t pid) {
 fprintf(LOGFILE, "Can't open file %s as node manager - %s\n", temp_pid_file, strerror(errno));
 fflush(LOGFILE);
- free(temp_pid_file);
- return -1;
+ rc = -1;
+ goto cleanup;
 }
 // write pid to temp file
@@ -268,8 +276,8 @@ static int write_pid_to_file_as_nm(const char* pid_file, pid_t pid) {
 fprintf(LOGFILE, "Failed to write pid to file %s as node manager - %s\n", temp_pid_file, strerror(errno));
 fflush(LOGFILE);
- free(temp_pid_file);
- return -1;
+ rc = -1;
+ goto cleanup;
 }
 // rename temp file to actual pid file
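Review bot: The result of `concatenate(...)` in write_pid_to_file_as_nm reaches `fprintf(LOGFILE, "Writing to tmp file %s\n", temp_pid_file)` without a NULL check. write_exit_code_file_as_nm in the same patch does test its `concatenate` result against NULL, which suggests the helper can fail. Passing a null pointer for `%s` is undefined behaviour, and the open that follows (outside this hunk) would receive the same pointer. With the shared `cleanup:` label the guard is short: `if (temp_pid_file == NULL) { rc = -1; goto cleanup; }` placed right after the assignment.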
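Review bot: The branch that logs `Failed to write pid to file` now jumps to `cleanup` without removing the temp file, while the rename-failure branch later in the function calls `unlink(temp_pid_file)` first. A failed write therefore leaves a `.tmp` file behind under a predictable name; whether that blocks a later attempt depends on the open flags, which are outside this hunk. Adding `unlink(temp_pid_file);` before `rc = -1;` here would make the two branches agree while the process still holds the node manager's ids. The same applies to the `Failed to write exit code to file` branch of write_exit_code_file_as_nm.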
@@ -279,29 +287,41 @@ static int write_pid_to_file_as_nm(const char* pid_file, pid_t pid) {
 temp_pid_file, pid_file, strerror(errno));
 fflush(LOGFILE);
 unlink(temp_pid_file);
- free(temp_pid_file);
- return -1;
+ rc = -1;
+ goto cleanup;
 }
+cleanup:
 // Revert back to the calling user.
 if (change_effective_user(user, group)) {
- free(temp_pid_file);
- return -1;
+ rc = -1;
 }
 free(temp_pid_file);
- return 0;
+ return rc;
 }
 /**
 * Write the exit code of the container into the exit code file
 * exit_code_file: Path to exit code file where exit code needs to be written
 */
-static int write_exit_code_file(const char* exit_code_file, int exit_code) {
- char *tmp_ecode_file = concatenate("%s.tmp", "exit_code_path", 1,
+static int write_exit_code_file_as_nm(const char* exit_code_file, int exit_code) {
+ char *tmp_ecode_file = NULL;
+ int rc = 0;
+ uid_t user = geteuid();
+ gid_t group = getegid();
+ if (change_effective_user(nm_uid, nm_gid) != 0) {
+ fprintf(ERRORFILE, "Could not change to effective users %d, %d\n", nm_uid, nm_gid);
+ fflush(ERRORFILE);
+ rc = -1;
+ goto cleanup;
+ }
+
+ tmp_ecode_file = concatenate("%s.tmp", "exit_code_path", 1,
 exit_code_file);
 if (tmp_ecode_file == NULL) {
- return -1;
+ rc = -1;
+ goto cleanup;
 }
 // create with 700
@@ -309,8 +329,8 @@ static int write_exit_code_file(const char* exit_code_file, int exit_code) {
 if (ecode_fd == -1) {
 fprintf(LOGFILE, "Can't open file %s - %s\n", tmp_ecode_file, strerror(errno));
- free(tmp_ecode_file);
- return -1;
+ rc = -1;
+ goto cleanup;
 }
 char ecode_buf[21];
@@ -320,8 +340,8 @@ static int write_exit_code_file(const char* exit_code_file, int exit_code) {
 if (written == -1) {
 fprintf(LOGFILE, "Failed to write exit code to file %s - %s\n", tmp_ecode_file, strerror(errno));
- free(tmp_ecode_file);
- return -1;
+ rc = -1;
+ goto cleanup;
 }
 // rename temp file to actual exit code file
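Review bot: The doc comment above write_exit_code_file_as_nm still describes only the file write, but the function now switches the effective ids to `nm_uid`/`nm_gid` on entry and restores the caller's ids at a `cleanup:` label that sits in a later hunk. I would add a line such as ` * Runs with the effective user/group set to the node manager and restores the caller's ids before returning; returns -1 if the switch, the write or the restore fails.` so that callers such as launch_docker_container_as_user can see that the call changes privilege state. The function body continues past this hunk.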
@@ -330,12 +350,17 @@ static int write_exit_code_file(const char* exit_code_file, int exit_code) {
 fprintf(LOGFILE, "Can't move exit code file from %s to %s - %s\n", tmp_ecode_file, exit_code_file, strerror(errno));
 unlink(tmp_ecode_file);
- free(tmp_ecode_file);
- return -1;
+ rc = -1;
+ goto cleanup;
 }
+cleanup:
+ // Revert back to the calling user.
+ if (change_effective_user(user, group)) {
+ rc = -1;
+ }
 free(tmp_ecode_file);
- return 0;
+ return rc;
 }
 static int wait_and_get_exit_code(pid_t pid) {
@@ -371,11 +396,8 @@ static int wait_and_get_exit_code(pid_t pid) {
 static int wait_and_write_exit_code(pid_t pid, const char* exit_code_file) {
 int exit_code = -1;
- if (change_effective_user(nm_uid, nm_gid) != 0) {
- return -1;
- }
 exit_code = wait_and_get_exit_code(pid);
- if (write_exit_code_file(exit_code_file, exit_code) < 0) {
+ if (write_exit_code_file_as_nm(exit_code_file, exit_code) < 0) {
 return -1;
 }
@@ -1210,7 +1232,6 @@ char** tokenize_docker_command(const char *input, int *split_counter) {
 char *line = (char *)calloc(strlen(input) + 1, sizeof(char));
 char **linesplit = (char **) malloc(sizeof(char *));
 char *p = NULL;
- int c = 0;
 *split_counter = 0;
 strncpy(line, input, strlen(input));
@@ -1688,7 +1709,7 @@ int launch_docker_container_as_user(const char * user, const char *app_id,
 cleanup:
- if (exit_code_file != NULL && write_exit_code_file(exit_code_file, exit_code) < 0) {
+ if (exit_code_file != NULL && write_exit_code_file_as_nm(exit_code_file, exit_code) < 0) {
 fprintf (ERRORFILE, "Could not write exit code to file %s.\n", exit_code_file);
 fflush(ERRORFILE);