You are viewing a plain text version of this content. The canonical link for it is here.

Posted to yarn-dev@hadoop.apache.org by "Miklos Szegedi (JIRA)" <ji...@apache.org> on 2017/04/12 15:01:42 UTC

[jira] [Created] (YARN-6472) Possible Java sandbox improvements

Miklos Szegedi created YARN-6472:
------------------------------------

             Summary: Possible Java sandbox improvements
                 Key: YARN-6472
                 URL: https://issues.apache.org/jira/browse/YARN-6472
             Project: Hadoop YARN
          Issue Type: Bug
            Reporter: Miklos Szegedi
            Assignee: Greg Phillips


I set the sandbox to enforcing mode. Unfortunately I was able to break out of the sandbox running native code with the following command:
{code}
        cmd = "$JAVA_HOME/bin/java %s -Xmx825955249 org.apache.hadoop.yarn.applications.helloworld.HelloWorld `touch ../../helloworld`" + \
              " 1><LOG_DIR>/AppMaster.stdout 2><LOG_DIR>/AppMaster.stderr"

$ ls .../nm-local-dir/usercache/root/appcache/
helloworld
{code}
Also, if I am not using sandboxes, could we create the nm-sandbox-policies directory (empty) lazily?



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

---------------------------------------------------------------------
To unsubscribe, e-mail: yarn-dev-unsubscribe@hadoop.apache.org
For additional commands, e-mail: yarn-dev-help@hadoop.apache.org