YARN-7758. Add an additional check to the validity of container and application ids passed to container-executor. Contributed by Yufei Gu.
This commit is contained in:
Miklos Szegedi
parent
3bd9ea63df
commit
41049ba5d1
|
|
@ -1071,7 +1071,8 @@ int create_log_dirs(const char *app_id, char * const * log_dirs) {
|
|||
for(log_root=log_dirs; *log_root != NULL; ++log_root) {
|
||||
char *app_log_dir = get_app_log_directory(*log_root, app_id);
|
||||
int result = check_nm_local_dir(nm_uid, *log_root);
|
||||
if (result != 0) {
|
||||
if (result != 0 && app_log_dir != NULL) {
|
||||
free(app_log_dir);
|
||||
app_log_dir = NULL;
|
||||
}
|
||||
if (app_log_dir == NULL) {
|
||||
|
|
|
|||
|
|
@ -24,6 +24,7 @@
|
|||
#include "modules/gpu/gpu-module.h"
|
||||
#include "modules/fpga/fpga-module.h"
|
||||
#include "modules/cgroups/cgroups-operations.h"
|
||||
#include "utils/string-utils.h"
|
||||
|
||||
#include <errno.h>
|
||||
#include <grp.h>
|
||||
|
|
@ -368,6 +369,10 @@ static int validate_run_as_user_commands(int argc, char **argv, int *operation)
|
|||
}
|
||||
cmd_input.app_id = argv[optind++];
|
||||
cmd_input.container_id = argv[optind++];
|
||||
if (!validate_container_id(cmd_input.container_id)) {
|
||||
fprintf(ERRORFILE, "Invalid container id %s\n", cmd_input.container_id);
|
||||
return INVALID_CONTAINER_ID;
|
||||
}
|
||||
cmd_input.cred_file = argv[optind++];
|
||||
cmd_input.local_dirs = argv[optind++];// good local dirs as a comma separated list
|
||||
cmd_input.log_dirs = argv[optind++];// good log dirs as a comma separated list
|
||||
|
|
|
|||
|
|
@ -67,7 +67,8 @@ enum errorcodes {
|
|||
ERROR_SANITIZING_DOCKER_COMMAND = 39,
|
||||
DOCKER_IMAGE_INVALID = 40,
|
||||
// DOCKER_CONTAINER_NAME_INVALID = 41, (NOT USED)
|
||||
ERROR_COMPILING_REGEX = 42
|
||||
ERROR_COMPILING_REGEX = 42,
|
||||
INVALID_CONTAINER_ID = 43
|
||||
};
|
||||
|
||||
/* Macros for min/max. */
|
||||
|
|
|
|||
Loading…
Reference in New Issue