[
https://issues.apache.org/jira/browse/YARN-6968?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16173916#comment-16173916
]
Eric Badger commented on YARN-6968:
-----------------------------------
bq. Make Docker target directory configurable in yarn-site.xml.
I'm fine with that, but I think that it should be governed by the white list in
YARN-5534 or a different type of whitelist that determines where you are
allowed to mount cgroups. Basically just containing the potential problem to
admin-specified places instead of opening up the whole container to the user to
find a vulnerability.
> Hardcoded absolute pathname in DockerLinuxContainerRuntime
> ----------------------------------------------------------
>
> Key: YARN-6968
> URL: https://issues.apache.org/jira/browse/YARN-6968
> Project: Hadoop YARN
> Issue Type: Bug
> Components: nodemanager
> Reporter: Miklos Szegedi
> Assignee: Eric Badger
> Attachments: YARN-6968.001.patch, YARN-6968.002.patch,
> YARN-6968.003.patch, YARN-6968.004.patch
>
>
> org.apache.hadoop.yarn.server.nodemanager.containermanager.linux.runtime.DockerLinuxContainerRuntime.launchContainer(ContainerRuntimeContext)
> has a hardcoded absolute pathname that is being flagged by findbugs.
> This could be done after YARN-6757 is checked in.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
---------------------------------------------------------------------
To unsubscribe, e-mail: yarn-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: yarn-issues-h...@hadoop.apache.org
