Miklos Szegedi created YARN-6472:
------------------------------------
Summary: Possible Java sandbox improvements
Key: YARN-6472
URL: https://issues.apache.org/jira/browse/YARN-6472
Project: Hadoop YARN
Issue Type: Bug
Reporter: Miklos Szegedi
Assignee: Greg Phillips
I set the sandbox to enforcing mode. Unfortunately I was able to break out of
the sandbox running native code with the following command:
{code}
cmd = "$JAVA_HOME/bin/java %s -Xmx825955249
org.apache.hadoop.yarn.applications.helloworld.HelloWorld `touch
../../helloworld`" + \
" 1><LOG_DIR>/AppMaster.stdout 2><LOG_DIR>/AppMaster.stderr"
$ ls .../nm-local-dir/usercache/root/appcache/
helloworld
{code}
Also, if I am not using sandboxes, could we create the nm-sandbox-policies
directory (empty) lazily?
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
---------------------------------------------------------------------
To unsubscribe, e-mail: yarn-dev-unsubscr...@hadoop.apache.org
For additional commands, e-mail: yarn-dev-h...@hadoop.apache.org
