[
https://issues.apache.org/jira/browse/YARN-6472?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15966538#comment-15966538
]
Miklos Szegedi edited comment on YARN-6472 at 4/12/17 8:20 PM:
---------------------------------------------------------------
Thank you, [~gphillips] for the patch. I think we need to check for single &,
|, |& and ; as well in MULTI_COMMAND_REGEX.
was (Author: miklos.szeg...@cloudera.com):
Thank you, [~gphillips] for the patch. I think we need to check for single &, |
and ; as well in MULTI_COMMAND_REGEX.
> Possible Java sandbox improvements
> ----------------------------------
>
> Key: YARN-6472
> URL: https://issues.apache.org/jira/browse/YARN-6472
> Project: Hadoop YARN
> Issue Type: Bug
> Reporter: Miklos Szegedi
> Assignee: Greg Phillips
> Attachments: YARN-6472.001.patch
>
>
> I set the sandbox to enforcing mode. Unfortunately I was able to break out of
> the sandbox running native code with the following command:
> {code}
> cmd = "$JAVA_HOME/bin/java %s -Xmx825955249
> org.apache.hadoop.yarn.applications.helloworld.HelloWorld `touch
> ../../helloworld`" + \
> " 1><LOG_DIR>/AppMaster.stdout 2><LOG_DIR>/AppMaster.stderr"
> $ ls .../nm-local-dir/usercache/root/appcache/
> helloworld
> {code}
> Also, if I am not using sandboxes, could we create the nm-sandbox-policies
> directory (empty) lazily?
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
---------------------------------------------------------------------
To unsubscribe, e-mail: yarn-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: yarn-issues-h...@hadoop.apache.org
