hadoop-yarn-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Miklos Szegedi (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (YARN-6623) Add support to turn off launching privileged containers in the container-executor
Date Wed, 20 Sep 2017 22:40:00 GMT

    [ https://issues.apache.org/jira/browse/YARN-6623?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16173952#comment-16173952
] 

Miklos Szegedi commented on YARN-6623:
--------------------------------------

[~vvasudev], thank you for the updated patch. I will review it but before that let's address
your questions.
bq. How would you detect the condition where the buffer doesn't have enough size?
You copy at most bufflen-strlen(buff) characters including {{\0}}. As I said only one strlen
is enough in this case.
bq. I didn't quite understand this. What would the len do? Your understanding is correct,
we're checking if the left device is allowed.
Never mind, I was just trying to replace {{tmp_ptr - values\[i\]}} with a length.
bq. 381 quote_and_append_arg(&tmp_buffer, &tmp_buffer_size, " ", image_name); 
bq. That space might need to be added to the quote_and_append_arg function for safety reasons.
bq. I didn't get this. Can you please explain?
When we add a new arg then the space should be added by default in quote_and_append_arg every
time.
bq. Is there any benefit to strcpy + strcat?
There is no need to do an strlen. Was the intention maybe to bound by the size of tmp_buffer_2?


> Add support to turn off launching privileged containers in the container-executor
> ---------------------------------------------------------------------------------
>
>                 Key: YARN-6623
>                 URL: https://issues.apache.org/jira/browse/YARN-6623
>             Project: Hadoop YARN
>          Issue Type: Sub-task
>          Components: nodemanager
>            Reporter: Varun Vasudev
>            Assignee: Varun Vasudev
>            Priority: Blocker
>         Attachments: YARN-6623.001.patch, YARN-6623.002.patch, YARN-6623.003.patch, YARN-6623.004.patch,
YARN-6623.005.patch, YARN-6623.006.patch, YARN-6623.007.patch, YARN-6623.008.patch, YARN-6623.009.patch,
YARN-6623.010.patch
>
>
> Currently, launching privileged containers is controlled by the NM. We should add a flag
to the container-executor.cfg allowing admins to disable launching privileged containers at
the container-executor level.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

---------------------------------------------------------------------
To unsubscribe, e-mail: yarn-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: yarn-issues-help@hadoop.apache.org


Mime
View raw message