[ https://issues.apache.org/jira/browse/YARN-8777?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16617950#comment-16617950 ]
Eric Yang commented on YARN-8777: --------------------------------- [~ebadger] The patch is written for specific use case while making remote attack difficult base on the new extension. I thought about code reuse before, and it is possible to use launch_command in cmd file and having flags passed from node manager. However, it is a smaller surface to be exposed to automated remote attack when bash is hard coded without parameter passing instead of leaving it up to node manager with parameter passing. I don't have strong preference for keeping "-it bash" or making them optional for code reuse, and patch 001 shows my preference toward smaller attack surface. It is good to talk about this before we proceed. > Container Executor C binary change to execute interactive docker command > ------------------------------------------------------------------------ > > Key: YARN-8777 > URL: https://issues.apache.org/jira/browse/YARN-8777 > Project: Hadoop YARN > Issue Type: Sub-task > Reporter: Zian Chen > Assignee: Eric Yang > Priority: Major > Labels: Docker > Attachments: YARN-8777.001.patch > > > Since Container Executor provides Container execution using the native > container-executor binary, we also need to make changes to accept new > “dockerExec” method to invoke the corresponding native function to execute > docker exec command to the running container. -- This message was sent by Atlassian JIRA (v7.6.3#76005) --------------------------------------------------------------------- To unsubscribe, e-mail: yarn-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: yarn-issues-h...@hadoop.apache.org