HADOOP-12888 Shell to disable bash and setsid support when running under JVM security manager (Costin Leau via stevel)
Project: http://git-wip-us.apache.org/repos/asf/hadoop/repo Commit: http://git-wip-us.apache.org/repos/asf/hadoop/commit/5a725f0a Tree: http://git-wip-us.apache.org/repos/asf/hadoop/tree/5a725f0a Diff: http://git-wip-us.apache.org/repos/asf/hadoop/diff/5a725f0a Branch: refs/heads/HDFS-7240 Commit: 5a725f0ab8ef9e2a8b08f088ba4e87531ae4530d Parents: 3ef5500 Author: Steve Loughran <[email protected]> Authored: Wed Mar 16 14:31:19 2016 +0000 Committer: Steve Loughran <[email protected]> Committed: Wed Mar 16 14:31:19 2016 +0000 ---------------------------------------------------------------------- .../src/main/java/org/apache/hadoop/util/Shell.java | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/hadoop/blob/5a725f0a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/util/Shell.java ---------------------------------------------------------------------- diff --git a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/util/Shell.java b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/util/Shell.java index df9ffa7..0af3752 100644 --- a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/util/Shell.java +++ b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/util/Shell.java @@ -717,6 +717,10 @@ public abstract class Shell { } catch (IOException ioe) { LOG.warn("Bash is not supported by the OS", ioe); supported = false; + } catch (SecurityException se) { + LOG.info("Bash execution is not allowed by the JVM " + + "security manager.Considering it not supported."); + supported = false; } return supported; @@ -744,7 +748,11 @@ public abstract class Shell { } catch (IOException ioe) { LOG.debug("setsid is not available on this machine. So not using it."); setsidSupported = false; - } catch (Error err) { + } catch (SecurityException se) { + LOG.debug("setsid is not allowed to run by the JVM "+ + "security manager. So not using it."); + setsidSupported = false; + } catch (Error err) { if (err.getMessage() != null && err.getMessage().contains("posix_spawn is not " + "a supported process launch mechanism")
