[
https://issues.apache.org/jira/browse/YARN-6472?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15971362#comment-15971362
]
Miklos Szegedi commented on YARN-6472:
--------------------------------------
Thank you, [~gphillips]. +1 (non-binding) for the patch
> Possible Java sandbox improvements
> ----------------------------------
>
> Key: YARN-6472
> URL: https://issues.apache.org/jira/browse/YARN-6472
> Project: Hadoop YARN
> Issue Type: Bug
> Reporter: Miklos Szegedi
> Assignee: Greg Phillips
> Attachments: YARN-6472.001.patch, YARN-6472.002.patch
>
>
> I set the sandbox to enforcing mode. Unfortunately I was able to break out of
> the sandbox running native code with the following command:
> {code}
> cmd = "$JAVA_HOME/bin/java %s -Xmx825955249
> org.apache.hadoop.yarn.applications.helloworld.HelloWorld `touch
> ../../helloworld`" + \
> " 1><LOG_DIR>/AppMaster.stdout 2><LOG_DIR>/AppMaster.stderr"
> $ ls .../nm-local-dir/usercache/root/appcache/
> helloworld
> {code}
> Also, if I am not using sandboxes, could we create the nm-sandbox-policies
> directory (empty) lazily?
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
---------------------------------------------------------------------
To unsubscribe, e-mail: yarn-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: yarn-issues-h...@hadoop.apache.org
