[3/4] hadoop git commit: YARN-6623. Add support to turn off launching privileged containers in the container-executor. (Varun Vasudev via wangda)
http://git-wip-us.apache.org/repos/asf/hadoop/blob/2e3b7130/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/native/container-executor/impl/utils/docker-util.c --
diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/native/container-executor/impl/utils/docker-util.c b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/native/container-executor/impl/utils/docker-util.c
new file mode 100644
index 000..860320d
--- /dev/null
+++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/native/container-executor/impl/utils/docker-util.c
@@ -0,0 +1,998 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include
+#include
+#include
+#include
+#include "../modules/common/module-configs.h"
+#include "docker-util.h"
+#include "string-utils.h"
+#include "util.h"
+
+static int read_and_verify_command_file(const char *command_file, const char *docker_command,
+struct configuration *command_config) {
+ int ret = 0;
+ ret = read_config(command_file, command_config);
+ if (ret != 0) {
+return INVALID_COMMAND_FILE;
+ }
+ char *command = get_configuration_value("docker-command", DOCKER_COMMAND_FILE_SECTION, command_config);
+ if (command == NULL || (strcmp(command, docker_command) != 0)) {
+ret = INCORRECT_COMMAND;
+ }
+ free(command);
+ return ret;
+}
+
+static int add_to_buffer(char *buff, const size_t bufflen, const char *string) {
+ size_t current_len = strlen(buff);
+ size_t string_len = strlen(string);
+ if (current_len + string_len < bufflen - 1) {
+strncpy(buff + current_len, string, string_len);
+buff[current_len + string_len] = '\0';
+return 0;
+ }
+ return -1;
+}
+
+static int add_param_to_command(const struct configuration *command_config, const char *key, const char *param,
+const int with_argument, char *out, const size_t outlen) {
+ size_t tmp_buffer_size = 4096;
+ int ret = 0;
+ char *tmp_buffer = (char *) alloc_and_clear_memory(tmp_buffer_size, sizeof(char));
+ char *value = get_configuration_value(key, DOCKER_COMMAND_FILE_SECTION, command_config);
+ if (value != NULL) {
+if (with_argument) {
+ quote_and_append_arg(_buffer, _buffer_size, param, value);
+ ret = add_to_buffer(out, outlen, tmp_buffer);
+} else if (strcmp(value, "true") == 0) {
+ ret = add_to_buffer(out, outlen, param);
+}
+free(value);
+if (ret != 0) {
+ ret = BUFFER_TOO_SMALL;
+}
+ }
+ free(tmp_buffer);
+ return ret;
+}
+
+static int add_param_to_command_if_allowed(const struct configuration *command_config,
+ const struct configuration *executor_cfg,
+ const char *key, const char *allowed_key, const char *param,
+ const int multiple_values, const char prefix,
+ char *out, const size_t outlen) {
+ size_t tmp_buffer_size = 4096;
+ char *tmp_buffer = (char *) alloc_and_clear_memory(tmp_buffer_size, sizeof(char));
+ char *tmp_ptr = NULL;
+ char **values = NULL;
+ char **permitted_values = get_configuration_values_delimiter(allowed_key,
+ CONTAINER_EXECUTOR_CFG_DOCKER_SECTION, executor_cfg,
+ ",");
+ int i = 0, j = 0, permitted = 0, ret = 0;
+ if (multiple_values) {
+values = get_configuration_values_delimiter(key, DOCKER_COMMAND_FILE_SECTION, command_config, ",");
+ } else {
+values = (char **) alloc_and_clear_memory(2, sizeof(char *));
+values[0] = get_configuration_value(key, DOCKER_COMMAND_FILE_SECTION, command_config);
+values[1] = NULL;
+if (values[0] == NULL) {
+ ret = 0;
+ goto free_and_exit;
+}
+ }
+
+ if (values != NULL) {
+if (permitted_values != NULL) {
+ for (i = 0; values[i] != NULL; ++i) {
+
[3/4] hadoop git commit: YARN-6623. Add support to turn off launching privileged containers in the container-executor. (Varun Vasudev via wangda)
http://git-wip-us.apache.org/repos/asf/hadoop/blob/091fc32c/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/native/container-executor/impl/utils/docker-util.c --
diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/native/container-executor/impl/utils/docker-util.c b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/native/container-executor/impl/utils/docker-util.c
new file mode 100644
index 000..860320d
--- /dev/null
+++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/native/container-executor/impl/utils/docker-util.c
@@ -0,0 +1,998 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include
+#include
+#include
+#include
+#include "../modules/common/module-configs.h"
+#include "docker-util.h"
+#include "string-utils.h"
+#include "util.h"
+
+static int read_and_verify_command_file(const char *command_file, const char *docker_command,
+struct configuration *command_config) {
+ int ret = 0;
+ ret = read_config(command_file, command_config);
+ if (ret != 0) {
+return INVALID_COMMAND_FILE;
+ }
+ char *command = get_configuration_value("docker-command", DOCKER_COMMAND_FILE_SECTION, command_config);
+ if (command == NULL || (strcmp(command, docker_command) != 0)) {
+ret = INCORRECT_COMMAND;
+ }
+ free(command);
+ return ret;
+}
+
+static int add_to_buffer(char *buff, const size_t bufflen, const char *string) {
+ size_t current_len = strlen(buff);
+ size_t string_len = strlen(string);
+ if (current_len + string_len < bufflen - 1) {
+strncpy(buff + current_len, string, string_len);
+buff[current_len + string_len] = '\0';
+return 0;
+ }
+ return -1;
+}
+
+static int add_param_to_command(const struct configuration *command_config, const char *key, const char *param,
+const int with_argument, char *out, const size_t outlen) {
+ size_t tmp_buffer_size = 4096;
+ int ret = 0;
+ char *tmp_buffer = (char *) alloc_and_clear_memory(tmp_buffer_size, sizeof(char));
+ char *value = get_configuration_value(key, DOCKER_COMMAND_FILE_SECTION, command_config);
+ if (value != NULL) {
+if (with_argument) {
+ quote_and_append_arg(_buffer, _buffer_size, param, value);
+ ret = add_to_buffer(out, outlen, tmp_buffer);
+} else if (strcmp(value, "true") == 0) {
+ ret = add_to_buffer(out, outlen, param);
+}
+free(value);
+if (ret != 0) {
+ ret = BUFFER_TOO_SMALL;
+}
+ }
+ free(tmp_buffer);
+ return ret;
+}
+
+static int add_param_to_command_if_allowed(const struct configuration *command_config,
+ const struct configuration *executor_cfg,
+ const char *key, const char *allowed_key, const char *param,
+ const int multiple_values, const char prefix,
+ char *out, const size_t outlen) {
+ size_t tmp_buffer_size = 4096;
+ char *tmp_buffer = (char *) alloc_and_clear_memory(tmp_buffer_size, sizeof(char));
+ char *tmp_ptr = NULL;
+ char **values = NULL;
+ char **permitted_values = get_configuration_values_delimiter(allowed_key,
+ CONTAINER_EXECUTOR_CFG_DOCKER_SECTION, executor_cfg,
+ ",");
+ int i = 0, j = 0, permitted = 0, ret = 0;
+ if (multiple_values) {
+values = get_configuration_values_delimiter(key, DOCKER_COMMAND_FILE_SECTION, command_config, ",");
+ } else {
+values = (char **) alloc_and_clear_memory(2, sizeof(char *));
+values[0] = get_configuration_value(key, DOCKER_COMMAND_FILE_SECTION, command_config);
+values[1] = NULL;
+if (values[0] == NULL) {
+ ret = 0;
+ goto free_and_exit;
+}
+ }
+
+ if (values != NULL) {
+if (permitted_values != NULL) {
+ for (i = 0; values[i] != NULL; ++i) {
+
[3/4] hadoop git commit: YARN-6623. Add support to turn off launching privileged containers in the container-executor. (Varun Vasudev via wangda)
http://git-wip-us.apache.org/repos/asf/hadoop/blob/d3b1c631/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/native/container-executor/impl/utils/docker-util.c --
diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/native/container-executor/impl/utils/docker-util.c b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/native/container-executor/impl/utils/docker-util.c
new file mode 100644
index 000..860320d
--- /dev/null
+++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/native/container-executor/impl/utils/docker-util.c
@@ -0,0 +1,998 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include
+#include
+#include
+#include
+#include "../modules/common/module-configs.h"
+#include "docker-util.h"
+#include "string-utils.h"
+#include "util.h"
+
+static int read_and_verify_command_file(const char *command_file, const char *docker_command,
+struct configuration *command_config) {
+ int ret = 0;
+ ret = read_config(command_file, command_config);
+ if (ret != 0) {
+return INVALID_COMMAND_FILE;
+ }
+ char *command = get_configuration_value("docker-command", DOCKER_COMMAND_FILE_SECTION, command_config);
+ if (command == NULL || (strcmp(command, docker_command) != 0)) {
+ret = INCORRECT_COMMAND;
+ }
+ free(command);
+ return ret;
+}
+
+static int add_to_buffer(char *buff, const size_t bufflen, const char *string) {
+ size_t current_len = strlen(buff);
+ size_t string_len = strlen(string);
+ if (current_len + string_len < bufflen - 1) {
+strncpy(buff + current_len, string, string_len);
+buff[current_len + string_len] = '\0';
+return 0;
+ }
+ return -1;
+}
+
+static int add_param_to_command(const struct configuration *command_config, const char *key, const char *param,
+const int with_argument, char *out, const size_t outlen) {
+ size_t tmp_buffer_size = 4096;
+ int ret = 0;
+ char *tmp_buffer = (char *) alloc_and_clear_memory(tmp_buffer_size, sizeof(char));
+ char *value = get_configuration_value(key, DOCKER_COMMAND_FILE_SECTION, command_config);
+ if (value != NULL) {
+if (with_argument) {
+ quote_and_append_arg(_buffer, _buffer_size, param, value);
+ ret = add_to_buffer(out, outlen, tmp_buffer);
+} else if (strcmp(value, "true") == 0) {
+ ret = add_to_buffer(out, outlen, param);
+}
+free(value);
+if (ret != 0) {
+ ret = BUFFER_TOO_SMALL;
+}
+ }
+ free(tmp_buffer);
+ return ret;
+}
+
+static int add_param_to_command_if_allowed(const struct configuration *command_config,
+ const struct configuration *executor_cfg,
+ const char *key, const char *allowed_key, const char *param,
+ const int multiple_values, const char prefix,
+ char *out, const size_t outlen) {
+ size_t tmp_buffer_size = 4096;
+ char *tmp_buffer = (char *) alloc_and_clear_memory(tmp_buffer_size, sizeof(char));
+ char *tmp_ptr = NULL;
+ char **values = NULL;
+ char **permitted_values = get_configuration_values_delimiter(allowed_key,
+ CONTAINER_EXECUTOR_CFG_DOCKER_SECTION, executor_cfg,
+ ",");
+ int i = 0, j = 0, permitted = 0, ret = 0;
+ if (multiple_values) {
+values = get_configuration_values_delimiter(key, DOCKER_COMMAND_FILE_SECTION, command_config, ",");
+ } else {
+values = (char **) alloc_and_clear_memory(2, sizeof(char *));
+values[0] = get_configuration_value(key, DOCKER_COMMAND_FILE_SECTION, command_config);
+values[1] = NULL;
+if (values[0] == NULL) {
+ ret = 0;
+ goto free_and_exit;
+}
+ }
+
+ if (values != NULL) {
+if (permitted_values != NULL) {
+ for (i = 0; values[i] != NULL; ++i) {
+