[
https://issues.apache.org/jira/browse/YARN-8777?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16617950#comment-16617950
]
Eric Yang commented on YARN-8777:
---------------------------------
[~ebadger] The patch is written for specific use case while making remote
attack difficult base on the new extension. I thought about code reuse before,
and it is possible to use launch_command in cmd file and having flags passed
from node manager. However, it is a smaller surface to be exposed to automated
remote attack when bash is hard coded without parameter passing instead of
leaving it up to node manager with parameter passing. I don't have strong
preference for keeping "-it bash" or making them optional for code reuse, and
patch 001 shows my preference toward smaller attack surface. It is good to
talk about this before we proceed.
> Container Executor C binary change to execute interactive docker command
> ------------------------------------------------------------------------
>
> Key: YARN-8777
> URL: https://issues.apache.org/jira/browse/YARN-8777
> Project: Hadoop YARN
> Issue Type: Sub-task
> Reporter: Zian Chen
> Assignee: Eric Yang
> Priority: Major
> Labels: Docker
> Attachments: YARN-8777.001.patch
>
>
> Since Container Executor provides Container execution using the native
> container-executor binary, we also need to make changes to accept new
> “dockerExec” method to invoke the corresponding native function to execute
> docker exec command to the running container.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
