[jira] [Commented] (YARN-948) CapacityScheduler should validate the release container list before actually releasing them

Wed, 24 Jul 2013 13:02:16 -0700 

    [ 
https://issues.apache.org/jira/browse/YARN-948?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13718770#comment-13718770
 ] 

Hitesh Shah commented on YARN-948:
----------------------------------

+1 to [~tucu00]'s comment on this check being done in the RM mainline and not 
within each specific scheduler impl. 
                
> CapacityScheduler should validate the release container list before actually 
> releasing them
> -------------------------------------------------------------------------------------------
>
>                 Key: YARN-948
>                 URL: https://issues.apache.org/jira/browse/YARN-948
>             Project: Hadoop YARN
>          Issue Type: Bug
>            Reporter: Omkar Vinit Joshi
>            Assignee: Omkar Vinit Joshi
>
> At present we are blinding passing the allocate request containing containers 
> to be released to CapacityScheduler. This may result into one application 
> releasing another application's container.
> {code}
>   @Override
>   @Lock(Lock.NoLock.class)
>   public Allocation allocate(ApplicationAttemptId applicationAttemptId,
>       List<ResourceRequest> ask, List<ContainerId> release, 
>       List<String> blacklistAdditions, List<String> blacklistRemovals) {
>     FiCaSchedulerApp application = getApplication(applicationAttemptId);
> ....
> ....
>     // Release containers
>     for (ContainerId releasedContainerId : release) {
>       RMContainer rmContainer = getRMContainer(releasedContainerId);
>       if (rmContainer == null) {
>          RMAuditLogger.logFailure(application.getUser(),
>              AuditConstants.RELEASE_CONTAINER, 
>              "Unauthorized access or invalid container", "CapacityScheduler",
>              "Trying to release container not owned by app or with invalid 
> id",
>              application.getApplicationId(), releasedContainerId);
>       }
>       completedContainer(rmContainer,
>           SchedulerUtils.createAbnormalContainerStatus(
>               releasedContainerId, 
>               SchedulerUtils.RELEASED_CONTAINER),
>           RMContainerEventType.RELEASED);
>     }
> {code}
> Current checks are not sufficient and we should prevent this..... thoughts?

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Reply via email to