[3/4] hadoop git commit: YARN-6623. Add support to turn off launching privileged containers in the container-executor. (Varun Vasudev via wangda)

2017-10-19 Thread wangda
http://git-wip-us.apache.org/repos/asf/hadoop/blob/2e3b7130/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/native/container-executor/impl/utils/docker-util.c
--
diff --git 
a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/native/container-executor/impl/utils/docker-util.c
 
b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/native/container-executor/impl/utils/docker-util.c
new file mode 100644
index 000..860320d
--- /dev/null
+++ 
b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/native/container-executor/impl/utils/docker-util.c
@@ -0,0 +1,998 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include 
+#include 
+#include 
+#include 
+#include "../modules/common/module-configs.h"
+#include "docker-util.h"
+#include "string-utils.h"
+#include "util.h"
+
+static int read_and_verify_command_file(const char *command_file, const char 
*docker_command,
+struct configuration *command_config) {
+  int ret = 0;
+  ret = read_config(command_file, command_config);
+  if (ret != 0) {
+return INVALID_COMMAND_FILE;
+  }
+  char *command = get_configuration_value("docker-command", 
DOCKER_COMMAND_FILE_SECTION, command_config);
+  if (command == NULL || (strcmp(command, docker_command) != 0)) {
+ret = INCORRECT_COMMAND;
+  }
+  free(command);
+  return ret;
+}
+
+static int add_to_buffer(char *buff, const size_t bufflen, const char *string) 
{
+  size_t current_len = strlen(buff);
+  size_t string_len = strlen(string);
+  if (current_len + string_len < bufflen - 1) {
+strncpy(buff + current_len, string, string_len);
+buff[current_len + string_len] = '\0';
+return 0;
+  }
+  return -1;
+}
+
+static int add_param_to_command(const struct configuration *command_config, 
const char *key, const char *param,
+const int with_argument, char *out, const 
size_t outlen) {
+  size_t tmp_buffer_size = 4096;
+  int ret = 0;
+  char *tmp_buffer = (char *) alloc_and_clear_memory(tmp_buffer_size, 
sizeof(char));
+  char *value = get_configuration_value(key, DOCKER_COMMAND_FILE_SECTION, 
command_config);
+  if (value != NULL) {
+if (with_argument) {
+  quote_and_append_arg(_buffer, _buffer_size, param, value);
+  ret = add_to_buffer(out, outlen, tmp_buffer);
+} else if (strcmp(value, "true") == 0) {
+  ret = add_to_buffer(out, outlen, param);
+}
+free(value);
+if (ret != 0) {
+  ret = BUFFER_TOO_SMALL;
+}
+  }
+  free(tmp_buffer);
+  return ret;
+}
+
+static int add_param_to_command_if_allowed(const struct configuration 
*command_config,
+   const struct configuration 
*executor_cfg,
+   const char *key, const char 
*allowed_key, const char *param,
+   const int multiple_values, const 
char prefix,
+   char *out, const size_t outlen) {
+  size_t tmp_buffer_size = 4096;
+  char *tmp_buffer = (char *) alloc_and_clear_memory(tmp_buffer_size, 
sizeof(char));
+  char *tmp_ptr = NULL;
+  char **values = NULL;
+  char **permitted_values = get_configuration_values_delimiter(allowed_key,
+   
CONTAINER_EXECUTOR_CFG_DOCKER_SECTION, executor_cfg,
+   ",");
+  int i = 0, j = 0, permitted = 0, ret = 0;
+  if (multiple_values) {
+values = get_configuration_values_delimiter(key, 
DOCKER_COMMAND_FILE_SECTION, command_config, ",");
+  } else {
+values = (char **) alloc_and_clear_memory(2, sizeof(char *));
+values[0] = get_configuration_value(key, DOCKER_COMMAND_FILE_SECTION, 
command_config);
+values[1] = NULL;
+if (values[0] == NULL) {
+  ret = 0;
+  goto free_and_exit;
+}
+  }
+
+  if (values != NULL) {
+if (permitted_values != NULL) {
+  for (i = 0; values[i] != NULL; ++i) {
+
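Review bot: In `add_to_buffer` the bound check `current_len + string_len < bufflen - 1` is evaluated in `size_t`, so a `bufflen` of 0 wraps the right-hand side to `SIZE_MAX` and the `strncpy` that follows can write past `buff`; the sum on the left can wrap as well. Because this helper assembles the docker command line from values read out of the command file, a subtraction-only guard is safer: `if (bufflen == 0 || current_len >= bufflen || string_len >= bufflen - current_len) return -1;` followed by `memcpy(buff + current_len, string, string_len + 1);`. The function also deserves a short comment stating that `buff` must already be NUL-terminated within `bufflen`, since `strlen(buff)` is not bounded by it. Whether a zero `outlen` can actually reach this helper cannot be determined from here, because the hunk is cut off inside `add_param_to_command_if_allowed`; the same hunk is reposted in the two later messages on this page.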

[3/4] hadoop git commit: YARN-6623. Add support to turn off launching privileged containers in the container-executor. (Varun Vasudev via wangda)

2017-09-28 Thread wangda
http://git-wip-us.apache.org/repos/asf/hadoop/blob/091fc32c/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/native/container-executor/impl/utils/docker-util.c
--
diff --git 
a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/native/container-executor/impl/utils/docker-util.c
 
b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/native/container-executor/impl/utils/docker-util.c
new file mode 100644
index 000..860320d
--- /dev/null
+++ 
b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/native/container-executor/impl/utils/docker-util.c
@@ -0,0 +1,998 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include 
+#include 
+#include 
+#include 
+#include "../modules/common/module-configs.h"
+#include "docker-util.h"
+#include "string-utils.h"
+#include "util.h"
+
+static int read_and_verify_command_file(const char *command_file, const char 
*docker_command,
+struct configuration *command_config) {
+  int ret = 0;
+  ret = read_config(command_file, command_config);
+  if (ret != 0) {
+return INVALID_COMMAND_FILE;
+  }
+  char *command = get_configuration_value("docker-command", 
DOCKER_COMMAND_FILE_SECTION, command_config);
+  if (command == NULL || (strcmp(command, docker_command) != 0)) {
+ret = INCORRECT_COMMAND;
+  }
+  free(command);
+  return ret;
+}
+
+static int add_to_buffer(char *buff, const size_t bufflen, const char *string) 
{
+  size_t current_len = strlen(buff);
+  size_t string_len = strlen(string);
+  if (current_len + string_len < bufflen - 1) {
+strncpy(buff + current_len, string, string_len);
+buff[current_len + string_len] = '\0';
+return 0;
+  }
+  return -1;
+}
+
+static int add_param_to_command(const struct configuration *command_config, 
const char *key, const char *param,
+const int with_argument, char *out, const 
size_t outlen) {
+  size_t tmp_buffer_size = 4096;
+  int ret = 0;
+  char *tmp_buffer = (char *) alloc_and_clear_memory(tmp_buffer_size, 
sizeof(char));
+  char *value = get_configuration_value(key, DOCKER_COMMAND_FILE_SECTION, 
command_config);
+  if (value != NULL) {
+if (with_argument) {
+  quote_and_append_arg(_buffer, _buffer_size, param, value);
+  ret = add_to_buffer(out, outlen, tmp_buffer);
+} else if (strcmp(value, "true") == 0) {
+  ret = add_to_buffer(out, outlen, param);
+}
+free(value);
+if (ret != 0) {
+  ret = BUFFER_TOO_SMALL;
+}
+  }
+  free(tmp_buffer);
+  return ret;
+}
+
+static int add_param_to_command_if_allowed(const struct configuration 
*command_config,
+   const struct configuration 
*executor_cfg,
+   const char *key, const char 
*allowed_key, const char *param,
+   const int multiple_values, const 
char prefix,
+   char *out, const size_t outlen) {
+  size_t tmp_buffer_size = 4096;
+  char *tmp_buffer = (char *) alloc_and_clear_memory(tmp_buffer_size, 
sizeof(char));
+  char *tmp_ptr = NULL;
+  char **values = NULL;
+  char **permitted_values = get_configuration_values_delimiter(allowed_key,
+   
CONTAINER_EXECUTOR_CFG_DOCKER_SECTION, executor_cfg,
+   ",");
+  int i = 0, j = 0, permitted = 0, ret = 0;
+  if (multiple_values) {
+values = get_configuration_values_delimiter(key, 
DOCKER_COMMAND_FILE_SECTION, command_config, ",");
+  } else {
+values = (char **) alloc_and_clear_memory(2, sizeof(char *));
+values[0] = get_configuration_value(key, DOCKER_COMMAND_FILE_SECTION, 
command_config);
+values[1] = NULL;
+if (values[0] == NULL) {
+  ret = 0;
+  goto free_and_exit;
+}
+  }
+
+  if (values != NULL) {
+if (permitted_values != NULL) {
+  for (i = 0; values[i] != NULL; ++i) {
+

[3/4] hadoop git commit: YARN-6623. Add support to turn off launching privileged containers in the container-executor. (Varun Vasudev via wangda)

2017-09-28 Thread wangda
http://git-wip-us.apache.org/repos/asf/hadoop/blob/d3b1c631/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/native/container-executor/impl/utils/docker-util.c
--
diff --git 
a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/native/container-executor/impl/utils/docker-util.c
 
b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/native/container-executor/impl/utils/docker-util.c
new file mode 100644
index 000..860320d
--- /dev/null
+++ 
b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/native/container-executor/impl/utils/docker-util.c
@@ -0,0 +1,998 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include 
+#include 
+#include 
+#include 
+#include "../modules/common/module-configs.h"
+#include "docker-util.h"
+#include "string-utils.h"
+#include "util.h"
+
+static int read_and_verify_command_file(const char *command_file, const char 
*docker_command,
+struct configuration *command_config) {
+  int ret = 0;
+  ret = read_config(command_file, command_config);
+  if (ret != 0) {
+return INVALID_COMMAND_FILE;
+  }
+  char *command = get_configuration_value("docker-command", 
DOCKER_COMMAND_FILE_SECTION, command_config);
+  if (command == NULL || (strcmp(command, docker_command) != 0)) {
+ret = INCORRECT_COMMAND;
+  }
+  free(command);
+  return ret;
+}
+
+static int add_to_buffer(char *buff, const size_t bufflen, const char *string) 
{
+  size_t current_len = strlen(buff);
+  size_t string_len = strlen(string);
+  if (current_len + string_len < bufflen - 1) {
+strncpy(buff + current_len, string, string_len);
+buff[current_len + string_len] = '\0';
+return 0;
+  }
+  return -1;
+}
+
+static int add_param_to_command(const struct configuration *command_config, 
const char *key, const char *param,
+const int with_argument, char *out, const 
size_t outlen) {
+  size_t tmp_buffer_size = 4096;
+  int ret = 0;
+  char *tmp_buffer = (char *) alloc_and_clear_memory(tmp_buffer_size, 
sizeof(char));
+  char *value = get_configuration_value(key, DOCKER_COMMAND_FILE_SECTION, 
command_config);
+  if (value != NULL) {
+if (with_argument) {
+  quote_and_append_arg(_buffer, _buffer_size, param, value);
+  ret = add_to_buffer(out, outlen, tmp_buffer);
+} else if (strcmp(value, "true") == 0) {
+  ret = add_to_buffer(out, outlen, param);
+}
+free(value);
+if (ret != 0) {
+  ret = BUFFER_TOO_SMALL;
+}
+  }
+  free(tmp_buffer);
+  return ret;
+}
+
+static int add_param_to_command_if_allowed(const struct configuration 
*command_config,
+   const struct configuration 
*executor_cfg,
+   const char *key, const char 
*allowed_key, const char *param,
+   const int multiple_values, const 
char prefix,
+   char *out, const size_t outlen) {
+  size_t tmp_buffer_size = 4096;
+  char *tmp_buffer = (char *) alloc_and_clear_memory(tmp_buffer_size, 
sizeof(char));
+  char *tmp_ptr = NULL;
+  char **values = NULL;
+  char **permitted_values = get_configuration_values_delimiter(allowed_key,
+   
CONTAINER_EXECUTOR_CFG_DOCKER_SECTION, executor_cfg,
+   ",");
+  int i = 0, j = 0, permitted = 0, ret = 0;
+  if (multiple_values) {
+values = get_configuration_values_delimiter(key, 
DOCKER_COMMAND_FILE_SECTION, command_config, ",");
+  } else {
+values = (char **) alloc_and_clear_memory(2, sizeof(char *));
+values[0] = get_configuration_value(key, DOCKER_COMMAND_FILE_SECTION, 
command_config);
+values[1] = NULL;
+if (values[0] == NULL) {
+  ret = 0;
+  goto free_and_exit;
+}
+  }
+
+  if (values != NULL) {
+if (permitted_values != NULL) {
+  for (i = 0; values[i] != NULL; ++i) {
+