[jira] [Commented] (YARN-6623) Add support to turn off launching privileged containers in the container-executor

Wed, 20 Sep 2017 15:40:19 -0700 

    [ 
https://issues.apache.org/jira/browse/YARN-6623?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16173952#comment-16173952
 ] 

Miklos Szegedi commented on YARN-6623:
--------------------------------------

[~vvasudev], thank you for the updated patch. I will review it but before that 
let's address your questions.
bq. How would you detect the condition where the buffer doesn't have enough 
size?
You copy at most bufflen-strlen(buff) characters including {{\0}}. As I said 
only one strlen is enough in this case.
bq. I didn't quite understand this. What would the len do? Your understanding 
is correct, we're checking if the left device is allowed.
Never mind, I was just trying to replace {{tmp_ptr - values\[i\]}} with a 
length.
bq. 381 quote_and_append_arg(&tmp_buffer, &tmp_buffer_size, " ", image_name); 
bq. That space might need to be added to the quote_and_append_arg function for 
safety reasons.
bq. I didn't get this. Can you please explain?
When we add a new arg then the space should be added by default in 
quote_and_append_arg every time.
bq. Is there any benefit to strcpy + strcat?
There is no need to do an strlen. Was the intention maybe to bound by the size 
of tmp_buffer_2?


> Add support to turn off launching privileged containers in the 
> container-executor
> ---------------------------------------------------------------------------------
>
>                 Key: YARN-6623
>                 URL: https://issues.apache.org/jira/browse/YARN-6623
>             Project: Hadoop YARN
>          Issue Type: Sub-task
>          Components: nodemanager
>            Reporter: Varun Vasudev
>            Assignee: Varun Vasudev
>            Priority: Blocker
>         Attachments: YARN-6623.001.patch, YARN-6623.002.patch, 
> YARN-6623.003.patch, YARN-6623.004.patch, YARN-6623.005.patch, 
> YARN-6623.006.patch, YARN-6623.007.patch, YARN-6623.008.patch, 
> YARN-6623.009.patch, YARN-6623.010.patch
>
>
> Currently, launching privileged containers is controlled by the NM. We should 
> add a flag to the container-executor.cfg allowing admins to disable launching 
> privileged containers at the container-executor level.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

---------------------------------------------------------------------
To unsubscribe, e-mail: yarn-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: yarn-issues-h...@hadoop.apache.org

Reply via email to