[
https://issues.apache.org/jira/browse/YARN-8986?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16688538#comment-16688538
]
Eric Yang commented on YARN-8986:
---------------------------------
[~Charo Zhang] Thank you for the patch. It looks like in the right direction.
A few suggestions:
{code}
+ char *docker_network_command = make_string("%s network ls | grep %s | awk
'{print $3}'", docker_binary, network_name);
+ FILE* docker_network = popen(docker_network_command, "r");
{code}
1. This code can be exploited by giving a bad network_name. i.e. "null
>/dev/null && rm -rf *". It would be good avoid shell based data processing
otherwise everything between the pipe are running using root privileges.
2. Each patch is showing diff of a file. It would be good to combine them
using git diff or commit the code, then git show [hash code] to generate the
patch.
{code}
+ if (pclose (docker_network) != 0 || ret <= 0)
+ {
+ free(network_type);
+ return NULL;
+ }
{code}
3. The open bracket is appending to if condition instead of separated line.
4. Validation of ports-mapping to make sure the input format is numeric,
\d+:\d+, or \d+\.\d+\.\d+\.\d+:\d+:\d+ format to avoid bad parameters to get
into command line.
> publish all exposed ports to random ports when using bridge network
> -------------------------------------------------------------------
>
> Key: YARN-8986
> URL: https://issues.apache.org/jira/browse/YARN-8986
> Project: Hadoop YARN
> Issue Type: Sub-task
> Components: yarn
> Affects Versions: 3.1.1
> Reporter: Charo Zhang
> Assignee: Charo Zhang
> Priority: Minor
> Labels: Docker
> Fix For: 3.1.2
>
> Attachments: YARN-8986.001.patch, YARN-8986.002.patch,
> YARN-8986.003.patch, YARN-8986.004.patch
>
>
> it's better to publish all exposed ports to random ports(-P) or support port
> mapping(-p) for bridge network when using bridge network for docker container.
>
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
