edwardcapriolo commented on code in PR #8184:
URL: https://github.com/apache/hadoop/pull/8184#discussion_r2721285937
##########
hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/native/container-executor/impl/container-executor.c:
##########
@@ -1073,16 +1073,35 @@ static int change_owner(const char* path, uid_t user,
gid_t group) {
}
}
+mode_t get_container_group_mode(){
+ char *permission_string = get_section_value(CONTAINER_GROUP_MODE_KEY,
&executor_cfg);
+ char *default_mode = DEFAULT_CONTAINER_GROUP_MODE;
+ char *endptr;
+ mode_t mode_val;
+ if (permission_string != NULL){
+ mode_val = (mode_t) strtol(permission_string, &endptr, 8);
+ if (*endptr != '\0'){
+ fprintf(LOGFILE, "Illegal value of %s for %s in configuration\n",
+ permission_string, CONTAINER_GROUP_MODE_KEY);
+ exit(1);
+ }
+ free(permission_string);
+ } else {
+ mode_val = (mode_t) strtol(default_mode, &endptr, 8);
+ }
+ return mode_val;
+}
+
+
/**
* Create a top level directory for the user.
* It assumes that the parent directory is *not* writable by the user.
- * It creates directories with 02750 permissions owned by the user
+ * It creates directories with get_container_group_mode() permissions owned by
the user
* and with the group set to the node manager group.
* return non-0 on failure
*/
int create_directory_for_user(const char* path) {
- // set 750 permissions and setgid bit
- mode_t permissions = S_IRWXU | S_IRGRP | S_IXGRP | S_ISGID;
+ mode_t permissions = get_container_group_mode() | S_ISGID;
Review Comment:
Whatever the user supplies in the override we take it and always add the
sticky bit.
##########
hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/native/container-executor/impl/container-executor.c:
##########
@@ -1073,16 +1073,35 @@ static int change_owner(const char* path, uid_t user,
gid_t group) {
}
}
+mode_t get_container_group_mode(){
Review Comment:
We let the user chose this value. The default value currently in the file i
find incorrect. Either way this value is better as it works in more
deployments. This is a "770" was a bug but now its a feature.
##########
hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/native/container-executor/test/test-container-executor.c:
##########
@@ -200,6 +200,34 @@ void test_get_app_directory() {
free(app_dir);
}
+/*
+In the directory structure:
+ /yarn-root/nm-local-dir/usercache/auser/appcache
+Where nodemanager is running:
+ user: yarn group: hadoop
+We require group +w permission as "auser" is owned auser.
+Otherwise nodemanager will not be able to create appcache
++*/
+void test_create_app_dirs(){
Review Comment:
There was no test covering the place in the code where the issue was so I
added one.
##########
hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/native/container-executor/impl/container-executor.c:
##########
@@ -1370,34 +1389,74 @@ int create_container_log_dirs(const char *container_id,
const char *app_id,
return 0;
}
-/**
- * Function to create the application directories.
- * Returns pointer to primary_app_dir or NULL if it fails.
- */
-static char *create_app_dirs(const char *user,
+char* concat(const char *s1, const char *s2) {
Review Comment:
It is much harder to add string in c then java for sure.
##########
hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/native/container-executor/impl/container-executor.c:
##########
@@ -1370,34 +1389,74 @@ int create_container_log_dirs(const char *container_id,
const char *app_id,
return 0;
}
-/**
- * Function to create the application directories.
- * Returns pointer to primary_app_dir or NULL if it fails.
- */
-static char *create_app_dirs(const char *user,
+char* concat(const char *s1, const char *s2) {
+ size_t len1 = strlen(s1);
+ size_t len2 = strlen(s2);
+ char *result = malloc(len1 + len2 + 1);
+ if (result == NULL) {
+ exit(EXIT_FAILURE);
+ }
+ memcpy(result, s1, len1);
+ memcpy(result + len1, s2, len2 + 1);
+ return result;
+}
+
+void maybe_create_appcache(const char *appcache, mode_t permissions){
Review Comment:
Depending on the flow runc vs intialization container of if a previous run
happened this directory might exist. We create it conditionally.
##########
hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/native/container-executor/impl/container-executor.c:
##########
@@ -1370,34 +1389,74 @@ int create_container_log_dirs(const char *container_id,
const char *app_id,
return 0;
}
-/**
- * Function to create the application directories.
- * Returns pointer to primary_app_dir or NULL if it fails.
- */
-static char *create_app_dirs(const char *user,
+char* concat(const char *s1, const char *s2) {
+ size_t len1 = strlen(s1);
+ size_t len2 = strlen(s2);
+ char *result = malloc(len1 + len2 + 1);
+ if (result == NULL) {
+ exit(EXIT_FAILURE);
+ }
+ memcpy(result, s1, len1);
+ memcpy(result + len1, s2, len2 + 1);
+ return result;
+}
+
+void maybe_create_appcache(const char *appcache, mode_t permissions){
+ //fprintf(LOGFILE, "Going to create %s\n", appcache);
+ struct stat exists;
+ int stat_res = stat(appcache, &exists);
+ if (stat_res == -1){
+ int mk_res = mkdir(appcache, permissions);
+ fprintf(LOGFILE, "Creating appcache %s result %d\n", appcache, mk_res);
+ }
+}
+
+char *create_app_dirs(const char *user,
const char *app_id,
- char* const* local_dirs)
-{
+ char* const* local_dirs) {
// 750
mode_t permissions = S_IRWXU | S_IRGRP | S_IXGRP;
char* const* nm_root;
char *primary_app_dir = NULL;
- for(nm_root=local_dirs; *nm_root != NULL; ++nm_root) {
+ for(nm_root = local_dirs; *nm_root != NULL; ++nm_root) {
char *app_dir = get_app_directory(*nm_root, user, app_id);
- if (app_dir == NULL) {
- // try the next one
- } else if (strstr(app_dir, "..") != 0) {
- fprintf(LOGFILE, "Unsupported app directory path detected.\n");
+ fprintf(LOGFILE, "Appdir %s\n", app_dir);
+ if (app_dir == NULL){
free(app_dir);
- } else if (mkdirs(app_dir, permissions) != 0) {
+ continue;
+ }
+ //implementation node: Could be more thought put in do this detection
+ if (strstr(app_dir, "..") != 0) {
+ fprintf(LOGFILE, "Unsupported app directory path detected.\n");
free(app_dir);
- } else if (primary_app_dir == NULL) {
- primary_app_dir = app_dir;
+ continue;
+ }
+ char *user_root = get_user_directory(*nm_root, user);
+ char *appcache = concat(user_root, "/appcache");
+ maybe_create_appcache(appcache, permissions);
+ free(user_root);
+ free(appcache);
+
+ struct stat exists;
+ int stat_res = stat(app_dir, &exists);
+ if (stat_res == 0){
+ if (primary_app_dir == NULL) {
+ primary_app_dir = strdup(app_dir);
+ }
+ } else if (stat_res == -1){
+ int mk_res = mkdir(app_dir, permissions);
Review Comment:
I cleaned up the logic here and shifted the code to using mkdir vs mkdirs
mkdirs attempts to operate on parent directories as well and at this point in
the code the parents are already created correctly.
##########
hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/native/container-executor/impl/container-executor.c:
##########
@@ -1370,34 +1389,74 @@ int create_container_log_dirs(const char *container_id,
const char *app_id,
return 0;
}
-/**
- * Function to create the application directories.
- * Returns pointer to primary_app_dir or NULL if it fails.
- */
-static char *create_app_dirs(const char *user,
+char* concat(const char *s1, const char *s2) {
+ size_t len1 = strlen(s1);
+ size_t len2 = strlen(s2);
+ char *result = malloc(len1 + len2 + 1);
+ if (result == NULL) {
+ exit(EXIT_FAILURE);
+ }
+ memcpy(result, s1, len1);
+ memcpy(result + len1, s2, len2 + 1);
+ return result;
+}
+
+void maybe_create_appcache(const char *appcache, mode_t permissions){
+ //fprintf(LOGFILE, "Going to create %s\n", appcache);
+ struct stat exists;
+ int stat_res = stat(appcache, &exists);
+ if (stat_res == -1){
+ int mk_res = mkdir(appcache, permissions);
+ fprintf(LOGFILE, "Creating appcache %s result %d\n", appcache, mk_res);
+ }
+}
+
+char *create_app_dirs(const char *user,
const char *app_id,
- char* const* local_dirs)
-{
+ char* const* local_dirs) {
// 750
mode_t permissions = S_IRWXU | S_IRGRP | S_IXGRP;
char* const* nm_root;
char *primary_app_dir = NULL;
- for(nm_root=local_dirs; *nm_root != NULL; ++nm_root) {
+ for(nm_root = local_dirs; *nm_root != NULL; ++nm_root) {
char *app_dir = get_app_directory(*nm_root, user, app_id);
- if (app_dir == NULL) {
- // try the next one
- } else if (strstr(app_dir, "..") != 0) {
- fprintf(LOGFILE, "Unsupported app directory path detected.\n");
+ fprintf(LOGFILE, "Appdir %s\n", app_dir);
+ if (app_dir == NULL){
free(app_dir);
- } else if (mkdirs(app_dir, permissions) != 0) {
+ continue;
+ }
+ //implementation node: Could be more thought put in do this detection
+ if (strstr(app_dir, "..") != 0) {
+ fprintf(LOGFILE, "Unsupported app directory path detected.\n");
free(app_dir);
- } else if (primary_app_dir == NULL) {
- primary_app_dir = app_dir;
Review Comment:
This was a leek in the code as the pointer for primary_add_dir points to
app_dir which we later free. This leads to undefined behavior.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
