[
https://issues.apache.org/jira/browse/YARN-5456?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15402719#comment-15402719
]
Chris Nauroth commented on YARN-5456:
-------------------------------------
[~aw], thank you for the patch. I ran it on OS X, Linux and FreeBSD. I think
this will be ready to go after adding error checks on the {{malloc}} call and
discussing a testing obstacle I'm hitting.
I'm running {{test-container-executor}}, and it passes everywhere except my
FreeBSD VM. In target/native-results/test-container-executor.stdout, I see
this:
{code}
Testing delete_container()
Can't chmod /tmp/test-container-executor/local-1/usercache/cnauroth to add the sticky bit - Operation not permitted
Can't chmod /tmp/test-container-executor/local-2/usercache/cnauroth to add the sticky bit - Operation not permitted
Can't chmod /tmp/test-container-executor/local-3/usercache/cnauroth to add the sticky bit - Operation not permitted
Can't chmod /tmp/test-container-executor/local-4/usercache/cnauroth to add the sticky bit - Operation not permitted
Can't chmod /tmp/test-container-executor/local-5/usercache/cnauroth to add the sticky bit - Operation not permitted
FAIL: failed to initialize user cnauroth
{code}
That error comes from this code in container-executor.c:
{code}
int create_directory_for_user(const char* path) {
  // set 2750 permissions and group sticky bit
  mode_t permissions = S_IRWXU | S_IRGRP | S_IXGRP | S_ISGID;
  ...
  if (chmod(path, permissions) != 0) {
    fprintf(LOGFILE, "Can't chmod %s to add the sticky bit - %s\n",
            path, strerror(errno));
    ret = -1;
{code}
I tried testing {{chmod}} to set the setgid bit, and sure enough it fails on
FreeBSD. I can set the setuid bit and the sticky bit. The problem only
happens for trying to set the setgid bit when I'm a non-root user.
{code}
> chmod 4750 /tmp/test-container-executor/local-1/usercache/cnauroth
> chmod 2750 /tmp/test-container-executor/local-1/usercache/cnauroth
chmod: /tmp/test-container-executor/local-1/usercache/cnauroth: Operation not permitted
> chmod 1750 /tmp/test-container-executor/local-1/usercache/cnauroth
{code}
I don't see this behavior on any other OS. I assume it's some kind of
environmental configuration quirk, but I haven't been able to find any tips in
documentation. Have you seen this? Does the test pass for you on FreeBSD?
> container-executor support for FreeBSD, NetBSD, and others if conf path is
> absolute
> -----------------------------------------------------------------------------------
>
> Key: YARN-5456
> URL: https://issues.apache.org/jira/browse/YARN-5456
> Project: Hadoop YARN
> Issue Type: Improvement
> Components: nodemanager
> Affects Versions: 3.0.0-alpha2
> Reporter: Allen Wittenauer
> Assignee: Allen Wittenauer
> Attachments: YARN-5456.00.patch
>
>
> YARN-5121 changed how container-executor fixed quite a few portability
> issues, but it also changed how it determines its location to be very
> operating specific for security reasons. We should add support for FreeBSD
> to unbreak its ports entry, NetBSD (the sysctl options are just in a
> different order), and for operating systems that do not have a defined
> method, an escape hatch.