Details

    • Type: Sub-task
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 2.8.0, 3.0.0-alpha1
    • Component/s: yarn
    • Labels:
      None

      Description

      (Updated based on discussion in the JIRA)

      There are scenarios where privileged containers are necessary in order to run certain kinds of applications (one example is trying to run postresql/oracle inside containers). However, given the security implications, we should ensure that :
      1) privileged containers are disabled by default
      2) if enabled, only a whitelisted set of users should be allowed to launch such containers and
      3) Not all containers launched by whitelisted users need to be privileged containers : whitelisted users need to explicitly request that a privileged container be launched.

      1. YARN-4262.003.patch
        21 kB
        Sidharta Seethana
      2. YARN-4262.002.patch
        21 kB
        Sidharta Seethana
      3. YARN-4262.001.patch
        24 kB
        Sidharta Seethana

        Activity

        Hide
        sidharta-s Sidharta Seethana added a comment -

        Uploading a patch to allow admins to run privileged containers. This patch has a dependency on YARN-4258 without which it will not compile. For the time being, I have included changes for YARN-4258 in this patch. I'll upload a new version once YARN-4258 completes its review cycle.

        Varun Vasudev, could you please give this patch a look? Thank you.

        Show
        sidharta-s Sidharta Seethana added a comment - Uploading a patch to allow admins to run privileged containers. This patch has a dependency on YARN-4258 without which it will not compile. For the time being, I have included changes for YARN-4258 in this patch. I'll upload a new version once YARN-4258 completes its review cycle. Varun Vasudev , could you please give this patch a look? Thank you.
        Hide
        hadoopqa Hadoop QA added a comment -



        -1 overall



        Vote Subsystem Runtime Comment
        -1 pre-patch 19m 55s Pre-patch trunk has 1 extant Findbugs (version 3.0.0) warnings.
        +1 @author 0m 0s The patch does not contain any @author tags.
        +1 tests included 0m 0s The patch appears to include 1 new or modified test files.
        +1 javac 7m 57s There were no new javac warning messages.
        +1 javadoc 10m 30s There were no new javadoc warning messages.
        +1 release audit 0m 25s The applied patch does not increase the total number of release audit warnings.
        -1 checkstyle 1m 51s The applied patch generated 1 new checkstyle issues (total was 211, now 211).
        +1 whitespace 0m 4s The patch has no lines that end in whitespace.
        +1 install 1m 33s mvn install still works.
        +1 eclipse:eclipse 0m 34s The patch built with eclipse:eclipse.
        +1 findbugs 4m 36s The patch does not introduce any new Findbugs (version 3.0.0) warnings.
        +1 yarn tests 0m 24s Tests passed in hadoop-yarn-api.
        +1 yarn tests 2m 4s Tests passed in hadoop-yarn-common.
        +1 yarn tests 8m 52s Tests passed in hadoop-yarn-server-nodemanager.
            59m 27s  



        Subsystem Report/Notes
        Patch URL http://issues.apache.org/jira/secure/attachment/12766551/YARN-4262.001.patch
        Optional Tests javadoc javac unit findbugs checkstyle
        git revision trunk / d6c8bad
        Pre-patch Findbugs warnings https://builds.apache.org/job/PreCommit-YARN-Build/9442/artifact/patchprocess/trunkFindbugsWarningshadoop-yarn-server-nodemanager.html
        checkstyle https://builds.apache.org/job/PreCommit-YARN-Build/9442/artifact/patchprocess/diffcheckstylehadoop-yarn-api.txt
        hadoop-yarn-api test log https://builds.apache.org/job/PreCommit-YARN-Build/9442/artifact/patchprocess/testrun_hadoop-yarn-api.txt
        hadoop-yarn-common test log https://builds.apache.org/job/PreCommit-YARN-Build/9442/artifact/patchprocess/testrun_hadoop-yarn-common.txt
        hadoop-yarn-server-nodemanager test log https://builds.apache.org/job/PreCommit-YARN-Build/9442/artifact/patchprocess/testrun_hadoop-yarn-server-nodemanager.txt
        Test Results https://builds.apache.org/job/PreCommit-YARN-Build/9442/testReport/
        Java 1.7.0_55
        uname Linux asf906.gq1.ygridcore.net 3.13.0-36-lowlatency #63-Ubuntu SMP PREEMPT Wed Sep 3 21:56:12 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux
        Console output https://builds.apache.org/job/PreCommit-YARN-Build/9442/console

        This message was automatically generated.

        Show
        hadoopqa Hadoop QA added a comment - -1 overall Vote Subsystem Runtime Comment -1 pre-patch 19m 55s Pre-patch trunk has 1 extant Findbugs (version 3.0.0) warnings. +1 @author 0m 0s The patch does not contain any @author tags. +1 tests included 0m 0s The patch appears to include 1 new or modified test files. +1 javac 7m 57s There were no new javac warning messages. +1 javadoc 10m 30s There were no new javadoc warning messages. +1 release audit 0m 25s The applied patch does not increase the total number of release audit warnings. -1 checkstyle 1m 51s The applied patch generated 1 new checkstyle issues (total was 211, now 211). +1 whitespace 0m 4s The patch has no lines that end in whitespace. +1 install 1m 33s mvn install still works. +1 eclipse:eclipse 0m 34s The patch built with eclipse:eclipse. +1 findbugs 4m 36s The patch does not introduce any new Findbugs (version 3.0.0) warnings. +1 yarn tests 0m 24s Tests passed in hadoop-yarn-api. +1 yarn tests 2m 4s Tests passed in hadoop-yarn-common. +1 yarn tests 8m 52s Tests passed in hadoop-yarn-server-nodemanager.     59m 27s   Subsystem Report/Notes Patch URL http://issues.apache.org/jira/secure/attachment/12766551/YARN-4262.001.patch Optional Tests javadoc javac unit findbugs checkstyle git revision trunk / d6c8bad Pre-patch Findbugs warnings https://builds.apache.org/job/PreCommit-YARN-Build/9442/artifact/patchprocess/trunkFindbugsWarningshadoop-yarn-server-nodemanager.html checkstyle https://builds.apache.org/job/PreCommit-YARN-Build/9442/artifact/patchprocess/diffcheckstylehadoop-yarn-api.txt hadoop-yarn-api test log https://builds.apache.org/job/PreCommit-YARN-Build/9442/artifact/patchprocess/testrun_hadoop-yarn-api.txt hadoop-yarn-common test log https://builds.apache.org/job/PreCommit-YARN-Build/9442/artifact/patchprocess/testrun_hadoop-yarn-common.txt hadoop-yarn-server-nodemanager test log https://builds.apache.org/job/PreCommit-YARN-Build/9442/artifact/patchprocess/testrun_hadoop-yarn-server-nodemanager.txt Test Results https://builds.apache.org/job/PreCommit-YARN-Build/9442/testReport/ Java 1.7.0_55 uname Linux asf906.gq1.ygridcore.net 3.13.0-36-lowlatency #63-Ubuntu SMP PREEMPT Wed Sep 3 21:56:12 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux Console output https://builds.apache.org/job/PreCommit-YARN-Build/9442/console This message was automatically generated.
        Hide
        sidharta-s Sidharta Seethana added a comment -

        The checkstyle issue refers to the length of YarnConfiguration.java (there isn't much that can be done about that at this point). Pre-patch failure is unrelated to this patch.

        Show
        sidharta-s Sidharta Seethana added a comment - The checkstyle issue refers to the length of YarnConfiguration.java (there isn't much that can be done about that at this point). Pre-patch failure is unrelated to this patch.
        Hide
        aw Allen Wittenauer added a comment -

        "admin" is the wrong thing to do here. It really should be a different list of users so that the two feature sets can have separation of privileges.

        Show
        aw Allen Wittenauer added a comment - "admin" is the wrong thing to do here. It really should be a different list of users so that the two feature sets can have separation of privileges.
        Hide
        sidharta-s Sidharta Seethana added a comment -

        Hi Allen Wittenauer,

        I did consider using a separate list. Running a privileged container in some ways provides the equivalent of superuser access to the underlying node. So, the question here would be : should we expose such functionality to anybody who is not in the 'admin' role for the cluster? Thoughts?

        thanks,
        -Sidharta

        Show
        sidharta-s Sidharta Seethana added a comment - Hi Allen Wittenauer , I did consider using a separate list. Running a privileged container in some ways provides the equivalent of superuser access to the underlying node. So, the question here would be : should we expose such functionality to anybody who is not in the 'admin' role for the cluster? Thoughts? thanks, -Sidharta
        Hide
        aw Allen Wittenauer added a comment -

        But admin also exposes functionality on the RM.

        should we expose such functionality to anybody who is not in the 'admin' role for the cluster?

        No, which is why it should be a separate list. This isn't an "either/or". You need three lists: regular users, users who can run docker in priv mode, and admin level privs. This is particular relevant when you think about OSes that aren't Linux that support Docker container formats but do support roles...

        Show
        aw Allen Wittenauer added a comment - But admin also exposes functionality on the RM. should we expose such functionality to anybody who is not in the 'admin' role for the cluster? No, which is why it should be a separate list. This isn't an "either/or". You need three lists: regular users, users who can run docker in priv mode, and admin level privs. This is particular relevant when you think about OSes that aren't Linux that support Docker container formats but do support roles...
        Hide
        sidharta-s Sidharta Seethana added a comment -

        bq, should we expose such functionality to anybody who is not in the 'admin' role for the cluster?

        What I meant here is : if users A, B, C are admins in a cluster, should any users apart from A, B, C be allowed to run privileged containers? In other words, should the list for docker privileged mode be entirely orthogonal/unrelated to the admin list or should it be a subset? If I understand you correctly, you are suggesting that the list should be completely unrelated to the admin role. I see the value in separation of privileges but I thought tying this to the admin role might lead to this feature being used more carefully - hence the path chosen in the first version of the patch.

        I'll upload a new patch using a different list as you suggested. I'll update the description accordingly.

        Show
        sidharta-s Sidharta Seethana added a comment - bq, should we expose such functionality to anybody who is not in the 'admin' role for the cluster? What I meant here is : if users A, B, C are admins in a cluster, should any users apart from A, B, C be allowed to run privileged containers? In other words, should the list for docker privileged mode be entirely orthogonal/unrelated to the admin list or should it be a subset? If I understand you correctly, you are suggesting that the list should be completely unrelated to the admin role. I see the value in separation of privileges but I thought tying this to the admin role might lead to this feature being used more carefully - hence the path chosen in the first version of the patch. I'll upload a new patch using a different list as you suggested. I'll update the description accordingly.
        Hide
        sidharta-s Sidharta Seethana added a comment -

        Uploaded a new patch. This patch removes the use of yarn.admin.acl and no longer includes changes from YARN-4258.

        Show
        sidharta-s Sidharta Seethana added a comment - Uploaded a new patch. This patch removes the use of yarn.admin.acl and no longer includes changes from YARN-4258 .
        Hide
        hadoopqa Hadoop QA added a comment -



        -1 overall



        Vote Subsystem Runtime Comment
        -1 pre-patch 22m 29s Pre-patch trunk has 1 extant Findbugs (version 3.0.0) warnings.
        +1 @author 0m 0s The patch does not contain any @author tags.
        +1 tests included 0m 0s The patch appears to include 1 new or modified test files.
        +1 javac 9m 31s There were no new javac warning messages.
        +1 javadoc 12m 22s There were no new javadoc warning messages.
        -1 release audit 0m 21s The applied patch generated 1 release audit warnings.
        -1 checkstyle 2m 2s The applied patch generated 1 new checkstyle issues (total was 211, now 211).
        +1 whitespace 0m 3s The patch has no lines that end in whitespace.
        +1 install 1m 39s mvn install still works.
        +1 eclipse:eclipse 0m 38s The patch built with eclipse:eclipse.
        -1 findbugs 3m 51s Post-patch findbugs hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager compilation is broken.
        +1 findbugs 3m 51s The patch does not introduce any new Findbugs (version ) warnings.
        -1 yarn tests 0m 17s Tests failed in hadoop-yarn-api.
        +1 yarn tests 2m 12s Tests passed in hadoop-yarn-common.
        -1 yarn tests 0m 17s Tests failed in hadoop-yarn-server-nodemanager.
            56m 30s  



        Reason Tests
        Failed build hadoop-yarn-api
          hadoop-yarn-server-nodemanager



        Subsystem Report/Notes
        Patch URL http://issues.apache.org/jira/secure/attachment/12766747/YARN-4262.002.patch
        Optional Tests javadoc javac unit findbugs checkstyle
        git revision trunk / 63020c5
        Pre-patch Findbugs warnings https://builds.apache.org/job/PreCommit-YARN-Build/9450/artifact/patchprocess/trunkFindbugsWarningshadoop-yarn-server-nodemanager.html
        Release Audit https://builds.apache.org/job/PreCommit-YARN-Build/9450/artifact/patchprocess/patchReleaseAuditProblems.txt
        checkstyle https://builds.apache.org/job/PreCommit-YARN-Build/9450/artifact/patchprocess/diffcheckstylehadoop-yarn-api.txt
        hadoop-yarn-api test log https://builds.apache.org/job/PreCommit-YARN-Build/9450/artifact/patchprocess/testrun_hadoop-yarn-api.txt
        hadoop-yarn-common test log https://builds.apache.org/job/PreCommit-YARN-Build/9450/artifact/patchprocess/testrun_hadoop-yarn-common.txt
        hadoop-yarn-server-nodemanager test log https://builds.apache.org/job/PreCommit-YARN-Build/9450/artifact/patchprocess/testrun_hadoop-yarn-server-nodemanager.txt
        Test Results https://builds.apache.org/job/PreCommit-YARN-Build/9450/testReport/
        Java 1.7.0_55
        uname Linux asf901.gq1.ygridcore.net 3.13.0-36-lowlatency #63-Ubuntu SMP PREEMPT Wed Sep 3 21:56:12 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux
        Console output https://builds.apache.org/job/PreCommit-YARN-Build/9450/console

        This message was automatically generated.

        Show
        hadoopqa Hadoop QA added a comment - -1 overall Vote Subsystem Runtime Comment -1 pre-patch 22m 29s Pre-patch trunk has 1 extant Findbugs (version 3.0.0) warnings. +1 @author 0m 0s The patch does not contain any @author tags. +1 tests included 0m 0s The patch appears to include 1 new or modified test files. +1 javac 9m 31s There were no new javac warning messages. +1 javadoc 12m 22s There were no new javadoc warning messages. -1 release audit 0m 21s The applied patch generated 1 release audit warnings. -1 checkstyle 2m 2s The applied patch generated 1 new checkstyle issues (total was 211, now 211). +1 whitespace 0m 3s The patch has no lines that end in whitespace. +1 install 1m 39s mvn install still works. +1 eclipse:eclipse 0m 38s The patch built with eclipse:eclipse. -1 findbugs 3m 51s Post-patch findbugs hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager compilation is broken. +1 findbugs 3m 51s The patch does not introduce any new Findbugs (version ) warnings. -1 yarn tests 0m 17s Tests failed in hadoop-yarn-api. +1 yarn tests 2m 12s Tests passed in hadoop-yarn-common. -1 yarn tests 0m 17s Tests failed in hadoop-yarn-server-nodemanager.     56m 30s   Reason Tests Failed build hadoop-yarn-api   hadoop-yarn-server-nodemanager Subsystem Report/Notes Patch URL http://issues.apache.org/jira/secure/attachment/12766747/YARN-4262.002.patch Optional Tests javadoc javac unit findbugs checkstyle git revision trunk / 63020c5 Pre-patch Findbugs warnings https://builds.apache.org/job/PreCommit-YARN-Build/9450/artifact/patchprocess/trunkFindbugsWarningshadoop-yarn-server-nodemanager.html Release Audit https://builds.apache.org/job/PreCommit-YARN-Build/9450/artifact/patchprocess/patchReleaseAuditProblems.txt checkstyle https://builds.apache.org/job/PreCommit-YARN-Build/9450/artifact/patchprocess/diffcheckstylehadoop-yarn-api.txt hadoop-yarn-api test log https://builds.apache.org/job/PreCommit-YARN-Build/9450/artifact/patchprocess/testrun_hadoop-yarn-api.txt hadoop-yarn-common test log https://builds.apache.org/job/PreCommit-YARN-Build/9450/artifact/patchprocess/testrun_hadoop-yarn-common.txt hadoop-yarn-server-nodemanager test log https://builds.apache.org/job/PreCommit-YARN-Build/9450/artifact/patchprocess/testrun_hadoop-yarn-server-nodemanager.txt Test Results https://builds.apache.org/job/PreCommit-YARN-Build/9450/testReport/ Java 1.7.0_55 uname Linux asf901.gq1.ygridcore.net 3.13.0-36-lowlatency #63-Ubuntu SMP PREEMPT Wed Sep 3 21:56:12 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux Console output https://builds.apache.org/job/PreCommit-YARN-Build/9450/console This message was automatically generated.
        Hide
        sidharta-s Sidharta Seethana added a comment -

        It is not clear to me why there are compilation failures (https://builds.apache.org/job/PreCommit-YARN-Build/9450/artifact/patchprocess/testrun_hadoop-yarn-api.txt) - the 'cannot find symbol' errors refer to symbols that are included in the patch (YarnConfiguration.java).

        Show
        sidharta-s Sidharta Seethana added a comment - It is not clear to me why there are compilation failures ( https://builds.apache.org/job/PreCommit-YARN-Build/9450/artifact/patchprocess/testrun_hadoop-yarn-api.txt ) - the 'cannot find symbol' errors refer to symbols that are included in the patch (YarnConfiguration.java).
        Hide
        hadoopqa Hadoop QA added a comment -



        -1 overall



        Vote Subsystem Runtime Comment
        -1 pre-patch 20m 11s Pre-patch trunk has 1 extant Findbugs (version 3.0.0) warnings.
        +1 @author 0m 0s The patch does not contain any @author tags.
        +1 tests included 0m 0s The patch appears to include 1 new or modified test files.
        +1 javac 7m 54s There were no new javac warning messages.
        +1 javadoc 10m 37s There were no new javadoc warning messages.
        -1 release audit 0m 19s The applied patch generated 1 release audit warnings.
        -1 checkstyle 1m 51s The applied patch generated 1 new checkstyle issues (total was 211, now 211).
        +1 whitespace 0m 3s The patch has no lines that end in whitespace.
        +1 install 1m 32s mvn install still works.
        +1 eclipse:eclipse 0m 34s The patch built with eclipse:eclipse.
        +1 findbugs 4m 21s The patch does not introduce any new Findbugs (version 3.0.0) warnings.
        +1 yarn tests 0m 24s Tests passed in hadoop-yarn-api.
        +1 yarn tests 2m 2s Tests passed in hadoop-yarn-common.
        +1 yarn tests 8m 52s Tests passed in hadoop-yarn-server-nodemanager.
            59m 22s  



        Subsystem Report/Notes
        Patch URL http://issues.apache.org/jira/secure/attachment/12766747/YARN-4262.002.patch
        Optional Tests javadoc javac unit findbugs checkstyle
        git revision trunk / a49298d
        Pre-patch Findbugs warnings https://builds.apache.org/job/PreCommit-YARN-Build/9451/artifact/patchprocess/trunkFindbugsWarningshadoop-yarn-server-nodemanager.html
        Release Audit https://builds.apache.org/job/PreCommit-YARN-Build/9451/artifact/patchprocess/patchReleaseAuditProblems.txt
        checkstyle https://builds.apache.org/job/PreCommit-YARN-Build/9451/artifact/patchprocess/diffcheckstylehadoop-yarn-api.txt
        hadoop-yarn-api test log https://builds.apache.org/job/PreCommit-YARN-Build/9451/artifact/patchprocess/testrun_hadoop-yarn-api.txt
        hadoop-yarn-common test log https://builds.apache.org/job/PreCommit-YARN-Build/9451/artifact/patchprocess/testrun_hadoop-yarn-common.txt
        hadoop-yarn-server-nodemanager test log https://builds.apache.org/job/PreCommit-YARN-Build/9451/artifact/patchprocess/testrun_hadoop-yarn-server-nodemanager.txt
        Test Results https://builds.apache.org/job/PreCommit-YARN-Build/9451/testReport/
        Java 1.7.0_55
        uname Linux asf905.gq1.ygridcore.net 3.13.0-36-lowlatency #63-Ubuntu SMP PREEMPT Wed Sep 3 21:56:12 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux
        Console output https://builds.apache.org/job/PreCommit-YARN-Build/9451/console

        This message was automatically generated.

        Show
        hadoopqa Hadoop QA added a comment - -1 overall Vote Subsystem Runtime Comment -1 pre-patch 20m 11s Pre-patch trunk has 1 extant Findbugs (version 3.0.0) warnings. +1 @author 0m 0s The patch does not contain any @author tags. +1 tests included 0m 0s The patch appears to include 1 new or modified test files. +1 javac 7m 54s There were no new javac warning messages. +1 javadoc 10m 37s There were no new javadoc warning messages. -1 release audit 0m 19s The applied patch generated 1 release audit warnings. -1 checkstyle 1m 51s The applied patch generated 1 new checkstyle issues (total was 211, now 211). +1 whitespace 0m 3s The patch has no lines that end in whitespace. +1 install 1m 32s mvn install still works. +1 eclipse:eclipse 0m 34s The patch built with eclipse:eclipse. +1 findbugs 4m 21s The patch does not introduce any new Findbugs (version 3.0.0) warnings. +1 yarn tests 0m 24s Tests passed in hadoop-yarn-api. +1 yarn tests 2m 2s Tests passed in hadoop-yarn-common. +1 yarn tests 8m 52s Tests passed in hadoop-yarn-server-nodemanager.     59m 22s   Subsystem Report/Notes Patch URL http://issues.apache.org/jira/secure/attachment/12766747/YARN-4262.002.patch Optional Tests javadoc javac unit findbugs checkstyle git revision trunk / a49298d Pre-patch Findbugs warnings https://builds.apache.org/job/PreCommit-YARN-Build/9451/artifact/patchprocess/trunkFindbugsWarningshadoop-yarn-server-nodemanager.html Release Audit https://builds.apache.org/job/PreCommit-YARN-Build/9451/artifact/patchprocess/patchReleaseAuditProblems.txt checkstyle https://builds.apache.org/job/PreCommit-YARN-Build/9451/artifact/patchprocess/diffcheckstylehadoop-yarn-api.txt hadoop-yarn-api test log https://builds.apache.org/job/PreCommit-YARN-Build/9451/artifact/patchprocess/testrun_hadoop-yarn-api.txt hadoop-yarn-common test log https://builds.apache.org/job/PreCommit-YARN-Build/9451/artifact/patchprocess/testrun_hadoop-yarn-common.txt hadoop-yarn-server-nodemanager test log https://builds.apache.org/job/PreCommit-YARN-Build/9451/artifact/patchprocess/testrun_hadoop-yarn-server-nodemanager.txt Test Results https://builds.apache.org/job/PreCommit-YARN-Build/9451/testReport/ Java 1.7.0_55 uname Linux asf905.gq1.ygridcore.net 3.13.0-36-lowlatency #63-Ubuntu SMP PREEMPT Wed Sep 3 21:56:12 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux Console output https://builds.apache.org/job/PreCommit-YARN-Build/9451/console This message was automatically generated.
        Hide
        vvasudev Varun Vasudev added a comment -

        Thanks for the patch Sidharta Seethana. Couple of things -
        1)

           .</description>
        

        Formatting.

        2)

        +    if (!privilegedContainersEnabledOnCluster) {
        +      String errorMsg = "Privileged container being requested but privileged "
        +          + "containers are not enabled on this cluster";
        +      LOG.error(errorMsg);
        +      throw new ContainerExecutionException(errorMsg);
        +    }
        

        and

        +    if (!privilegedContainersAcl.isUserAllowed(submitterUgi)) {
        +      String errorMsg = "Cannot launch privileged container. Submitting user ("
        +          + submittingUser + ") fails ACL check.";
        +      LOG.error(errorMsg);
        +      throw new ContainerExecutionException(errorMsg);
        +    }
        

        Change the log level to warnings.

        Show
        vvasudev Varun Vasudev added a comment - Thanks for the patch Sidharta Seethana . Couple of things - 1) .</description> Formatting. 2) + if (!privilegedContainersEnabledOnCluster) { + String errorMsg = "Privileged container being requested but privileged " + + "containers are not enabled on this cluster" ; + LOG.error(errorMsg); + throw new ContainerExecutionException(errorMsg); + } and + if (!privilegedContainersAcl.isUserAllowed(submitterUgi)) { + String errorMsg = "Cannot launch privileged container. Submitting user (" + + submittingUser + ") fails ACL check." ; + LOG.error(errorMsg); + throw new ContainerExecutionException(errorMsg); + } Change the log level to warnings.
        Hide
        sidharta-s Sidharta Seethana added a comment -

        Thanks, Varun Vasudev. Uploaded a new patch with the suggested fixes in place.

        Show
        sidharta-s Sidharta Seethana added a comment - Thanks, Varun Vasudev . Uploaded a new patch with the suggested fixes in place.
        Hide
        hadoopqa Hadoop QA added a comment -



        -1 overall



        Vote Subsystem Runtime Comment
        -1 pre-patch 19m 52s Pre-patch trunk has 1 extant Findbugs (version 3.0.0) warnings.
        +1 @author 0m 0s The patch does not contain any @author tags.
        +1 tests included 0m 0s The patch appears to include 1 new or modified test files.
        +1 javac 7m 49s There were no new javac warning messages.
        +1 javadoc 10m 16s There were no new javadoc warning messages.
        +1 release audit 0m 23s The applied patch does not increase the total number of release audit warnings.
        -1 checkstyle 1m 49s The applied patch generated 1 new checkstyle issues (total was 211, now 211).
        +1 whitespace 0m 3s The patch has no lines that end in whitespace.
        +1 install 1m 33s mvn install still works.
        +1 eclipse:eclipse 0m 33s The patch built with eclipse:eclipse.
        +1 findbugs 4m 32s The patch does not introduce any new Findbugs (version 3.0.0) warnings.
        +1 yarn tests 0m 22s Tests passed in hadoop-yarn-api.
        +1 yarn tests 2m 6s Tests passed in hadoop-yarn-common.
        +1 yarn tests 8m 46s Tests passed in hadoop-yarn-server-nodemanager.
            58m 46s  



        Subsystem Report/Notes
        Patch URL http://issues.apache.org/jira/secure/attachment/12767002/YARN-4262.003.patch
        Optional Tests javadoc javac unit findbugs checkstyle
        git revision trunk / cf23f2c
        Pre-patch Findbugs warnings https://builds.apache.org/job/PreCommit-YARN-Build/9464/artifact/patchprocess/trunkFindbugsWarningshadoop-yarn-server-nodemanager.html
        checkstyle https://builds.apache.org/job/PreCommit-YARN-Build/9464/artifact/patchprocess/diffcheckstylehadoop-yarn-api.txt
        hadoop-yarn-api test log https://builds.apache.org/job/PreCommit-YARN-Build/9464/artifact/patchprocess/testrun_hadoop-yarn-api.txt
        hadoop-yarn-common test log https://builds.apache.org/job/PreCommit-YARN-Build/9464/artifact/patchprocess/testrun_hadoop-yarn-common.txt
        hadoop-yarn-server-nodemanager test log https://builds.apache.org/job/PreCommit-YARN-Build/9464/artifact/patchprocess/testrun_hadoop-yarn-server-nodemanager.txt
        Test Results https://builds.apache.org/job/PreCommit-YARN-Build/9464/testReport/
        Java 1.7.0_55
        uname Linux asf902.gq1.ygridcore.net 3.13.0-36-lowlatency #63-Ubuntu SMP PREEMPT Wed Sep 3 21:56:12 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux
        Console output https://builds.apache.org/job/PreCommit-YARN-Build/9464/console

        This message was automatically generated.

        Show
        hadoopqa Hadoop QA added a comment - -1 overall Vote Subsystem Runtime Comment -1 pre-patch 19m 52s Pre-patch trunk has 1 extant Findbugs (version 3.0.0) warnings. +1 @author 0m 0s The patch does not contain any @author tags. +1 tests included 0m 0s The patch appears to include 1 new or modified test files. +1 javac 7m 49s There were no new javac warning messages. +1 javadoc 10m 16s There were no new javadoc warning messages. +1 release audit 0m 23s The applied patch does not increase the total number of release audit warnings. -1 checkstyle 1m 49s The applied patch generated 1 new checkstyle issues (total was 211, now 211). +1 whitespace 0m 3s The patch has no lines that end in whitespace. +1 install 1m 33s mvn install still works. +1 eclipse:eclipse 0m 33s The patch built with eclipse:eclipse. +1 findbugs 4m 32s The patch does not introduce any new Findbugs (version 3.0.0) warnings. +1 yarn tests 0m 22s Tests passed in hadoop-yarn-api. +1 yarn tests 2m 6s Tests passed in hadoop-yarn-common. +1 yarn tests 8m 46s Tests passed in hadoop-yarn-server-nodemanager.     58m 46s   Subsystem Report/Notes Patch URL http://issues.apache.org/jira/secure/attachment/12767002/YARN-4262.003.patch Optional Tests javadoc javac unit findbugs checkstyle git revision trunk / cf23f2c Pre-patch Findbugs warnings https://builds.apache.org/job/PreCommit-YARN-Build/9464/artifact/patchprocess/trunkFindbugsWarningshadoop-yarn-server-nodemanager.html checkstyle https://builds.apache.org/job/PreCommit-YARN-Build/9464/artifact/patchprocess/diffcheckstylehadoop-yarn-api.txt hadoop-yarn-api test log https://builds.apache.org/job/PreCommit-YARN-Build/9464/artifact/patchprocess/testrun_hadoop-yarn-api.txt hadoop-yarn-common test log https://builds.apache.org/job/PreCommit-YARN-Build/9464/artifact/patchprocess/testrun_hadoop-yarn-common.txt hadoop-yarn-server-nodemanager test log https://builds.apache.org/job/PreCommit-YARN-Build/9464/artifact/patchprocess/testrun_hadoop-yarn-server-nodemanager.txt Test Results https://builds.apache.org/job/PreCommit-YARN-Build/9464/testReport/ Java 1.7.0_55 uname Linux asf902.gq1.ygridcore.net 3.13.0-36-lowlatency #63-Ubuntu SMP PREEMPT Wed Sep 3 21:56:12 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux Console output https://builds.apache.org/job/PreCommit-YARN-Build/9464/console This message was automatically generated.
        Hide
        vvasudev Varun Vasudev added a comment - - edited

        +1. I'll commit this on Monday if no one objects.

        Show
        vvasudev Varun Vasudev added a comment - - edited +1. I'll commit this on Monday if no one objects.
        Hide
        vvasudev Varun Vasudev added a comment -

        Committed to trunk and branch-2. Thanks Sidharta Seethana!

        Show
        vvasudev Varun Vasudev added a comment - Committed to trunk and branch-2. Thanks Sidharta Seethana !
        Hide
        hudson Hudson added a comment -

        FAILURE: Integrated in Hadoop-trunk-Commit #8662 (See https://builds.apache.org/job/Hadoop-trunk-Commit/8662/)
        YARN-4262. Allow whitelisted users to run privileged docker containers. (vvasudev: rev e39ae0e676f77fab216e2281ae946ab8c647733f)

        • hadoop-yarn-project/CHANGES.txt
        • hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/test/java/org/apache/hadoop/yarn/server/nodemanager/containermanager/linux/runtime/TestDockerContainerRuntime.java
        • hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common/src/main/resources/yarn-default.xml
        • hadoop-yarn-project/hadoop-yarn/hadoop-yarn-api/src/main/java/org/apache/hadoop/yarn/conf/YarnConfiguration.java
        • hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/containermanager/linux/runtime/docker/DockerRunCommand.java
        • hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/containermanager/linux/runtime/DockerLinuxContainerRuntime.java
        Show
        hudson Hudson added a comment - FAILURE: Integrated in Hadoop-trunk-Commit #8662 (See https://builds.apache.org/job/Hadoop-trunk-Commit/8662/ ) YARN-4262 . Allow whitelisted users to run privileged docker containers. (vvasudev: rev e39ae0e676f77fab216e2281ae946ab8c647733f) hadoop-yarn-project/CHANGES.txt hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/test/java/org/apache/hadoop/yarn/server/nodemanager/containermanager/linux/runtime/TestDockerContainerRuntime.java hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common/src/main/resources/yarn-default.xml hadoop-yarn-project/hadoop-yarn/hadoop-yarn-api/src/main/java/org/apache/hadoop/yarn/conf/YarnConfiguration.java hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/containermanager/linux/runtime/docker/DockerRunCommand.java hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/containermanager/linux/runtime/DockerLinuxContainerRuntime.java
        Hide
        hudson Hudson added a comment -

        FAILURE: Integrated in Hadoop-Yarn-trunk #1287 (See https://builds.apache.org/job/Hadoop-Yarn-trunk/1287/)
        YARN-4262. Allow whitelisted users to run privileged docker containers. (vvasudev: rev e39ae0e676f77fab216e2281ae946ab8c647733f)

        • hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/containermanager/linux/runtime/DockerLinuxContainerRuntime.java
        • hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common/src/main/resources/yarn-default.xml
        • hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/containermanager/linux/runtime/docker/DockerRunCommand.java
        • hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/test/java/org/apache/hadoop/yarn/server/nodemanager/containermanager/linux/runtime/TestDockerContainerRuntime.java
        • hadoop-yarn-project/hadoop-yarn/hadoop-yarn-api/src/main/java/org/apache/hadoop/yarn/conf/YarnConfiguration.java
        • hadoop-yarn-project/CHANGES.txt
        Show
        hudson Hudson added a comment - FAILURE: Integrated in Hadoop-Yarn-trunk #1287 (See https://builds.apache.org/job/Hadoop-Yarn-trunk/1287/ ) YARN-4262 . Allow whitelisted users to run privileged docker containers. (vvasudev: rev e39ae0e676f77fab216e2281ae946ab8c647733f) hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/containermanager/linux/runtime/DockerLinuxContainerRuntime.java hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common/src/main/resources/yarn-default.xml hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/containermanager/linux/runtime/docker/DockerRunCommand.java hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/test/java/org/apache/hadoop/yarn/server/nodemanager/containermanager/linux/runtime/TestDockerContainerRuntime.java hadoop-yarn-project/hadoop-yarn/hadoop-yarn-api/src/main/java/org/apache/hadoop/yarn/conf/YarnConfiguration.java hadoop-yarn-project/CHANGES.txt
        Hide
        hudson Hudson added a comment -

        FAILURE: Integrated in Hadoop-Mapreduce-trunk-Java8 #550 (See https://builds.apache.org/job/Hadoop-Mapreduce-trunk-Java8/550/)
        YARN-4262. Allow whitelisted users to run privileged docker containers. (vvasudev: rev e39ae0e676f77fab216e2281ae946ab8c647733f)

        • hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/test/java/org/apache/hadoop/yarn/server/nodemanager/containermanager/linux/runtime/TestDockerContainerRuntime.java
        • hadoop-yarn-project/CHANGES.txt
        • hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/containermanager/linux/runtime/docker/DockerRunCommand.java
        • hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/containermanager/linux/runtime/DockerLinuxContainerRuntime.java
        • hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common/src/main/resources/yarn-default.xml
        • hadoop-yarn-project/hadoop-yarn/hadoop-yarn-api/src/main/java/org/apache/hadoop/yarn/conf/YarnConfiguration.java
        Show
        hudson Hudson added a comment - FAILURE: Integrated in Hadoop-Mapreduce-trunk-Java8 #550 (See https://builds.apache.org/job/Hadoop-Mapreduce-trunk-Java8/550/ ) YARN-4262 . Allow whitelisted users to run privileged docker containers. (vvasudev: rev e39ae0e676f77fab216e2281ae946ab8c647733f) hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/test/java/org/apache/hadoop/yarn/server/nodemanager/containermanager/linux/runtime/TestDockerContainerRuntime.java hadoop-yarn-project/CHANGES.txt hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/containermanager/linux/runtime/docker/DockerRunCommand.java hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/containermanager/linux/runtime/DockerLinuxContainerRuntime.java hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common/src/main/resources/yarn-default.xml hadoop-yarn-project/hadoop-yarn/hadoop-yarn-api/src/main/java/org/apache/hadoop/yarn/conf/YarnConfiguration.java
        Hide
        hudson Hudson added a comment -

        FAILURE: Integrated in Hadoop-Yarn-trunk-Java8 #566 (See https://builds.apache.org/job/Hadoop-Yarn-trunk-Java8/566/)
        YARN-4262. Allow whitelisted users to run privileged docker containers. (vvasudev: rev e39ae0e676f77fab216e2281ae946ab8c647733f)

        • hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/containermanager/linux/runtime/DockerLinuxContainerRuntime.java
        • hadoop-yarn-project/CHANGES.txt
        • hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/test/java/org/apache/hadoop/yarn/server/nodemanager/containermanager/linux/runtime/TestDockerContainerRuntime.java
        • hadoop-yarn-project/hadoop-yarn/hadoop-yarn-api/src/main/java/org/apache/hadoop/yarn/conf/YarnConfiguration.java
        • hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/containermanager/linux/runtime/docker/DockerRunCommand.java
        • hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common/src/main/resources/yarn-default.xml
        Show
        hudson Hudson added a comment - FAILURE: Integrated in Hadoop-Yarn-trunk-Java8 #566 (See https://builds.apache.org/job/Hadoop-Yarn-trunk-Java8/566/ ) YARN-4262 . Allow whitelisted users to run privileged docker containers. (vvasudev: rev e39ae0e676f77fab216e2281ae946ab8c647733f) hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/containermanager/linux/runtime/DockerLinuxContainerRuntime.java hadoop-yarn-project/CHANGES.txt hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/test/java/org/apache/hadoop/yarn/server/nodemanager/containermanager/linux/runtime/TestDockerContainerRuntime.java hadoop-yarn-project/hadoop-yarn/hadoop-yarn-api/src/main/java/org/apache/hadoop/yarn/conf/YarnConfiguration.java hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/containermanager/linux/runtime/docker/DockerRunCommand.java hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common/src/main/resources/yarn-default.xml
        Hide
        hudson Hudson added a comment -

        FAILURE: Integrated in Hadoop-Mapreduce-trunk #2499 (See https://builds.apache.org/job/Hadoop-Mapreduce-trunk/2499/)
        YARN-4262. Allow whitelisted users to run privileged docker containers. (vvasudev: rev e39ae0e676f77fab216e2281ae946ab8c647733f)

        • hadoop-yarn-project/hadoop-yarn/hadoop-yarn-api/src/main/java/org/apache/hadoop/yarn/conf/YarnConfiguration.java
        • hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/containermanager/linux/runtime/docker/DockerRunCommand.java
        • hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/containermanager/linux/runtime/DockerLinuxContainerRuntime.java
        • hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common/src/main/resources/yarn-default.xml
        • hadoop-yarn-project/CHANGES.txt
        • hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/test/java/org/apache/hadoop/yarn/server/nodemanager/containermanager/linux/runtime/TestDockerContainerRuntime.java
        Show
        hudson Hudson added a comment - FAILURE: Integrated in Hadoop-Mapreduce-trunk #2499 (See https://builds.apache.org/job/Hadoop-Mapreduce-trunk/2499/ ) YARN-4262 . Allow whitelisted users to run privileged docker containers. (vvasudev: rev e39ae0e676f77fab216e2281ae946ab8c647733f) hadoop-yarn-project/hadoop-yarn/hadoop-yarn-api/src/main/java/org/apache/hadoop/yarn/conf/YarnConfiguration.java hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/containermanager/linux/runtime/docker/DockerRunCommand.java hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/containermanager/linux/runtime/DockerLinuxContainerRuntime.java hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common/src/main/resources/yarn-default.xml hadoop-yarn-project/CHANGES.txt hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/test/java/org/apache/hadoop/yarn/server/nodemanager/containermanager/linux/runtime/TestDockerContainerRuntime.java
        Hide
        hudson Hudson added a comment -

        FAILURE: Integrated in Hadoop-Hdfs-trunk #2450 (See https://builds.apache.org/job/Hadoop-Hdfs-trunk/2450/)
        YARN-4262. Allow whitelisted users to run privileged docker containers. (vvasudev: rev e39ae0e676f77fab216e2281ae946ab8c647733f)

        • hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/test/java/org/apache/hadoop/yarn/server/nodemanager/containermanager/linux/runtime/TestDockerContainerRuntime.java
        • hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/containermanager/linux/runtime/docker/DockerRunCommand.java
        • hadoop-yarn-project/hadoop-yarn/hadoop-yarn-api/src/main/java/org/apache/hadoop/yarn/conf/YarnConfiguration.java
        • hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common/src/main/resources/yarn-default.xml
        • hadoop-yarn-project/CHANGES.txt
        • hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/containermanager/linux/runtime/DockerLinuxContainerRuntime.java
        Show
        hudson Hudson added a comment - FAILURE: Integrated in Hadoop-Hdfs-trunk #2450 (See https://builds.apache.org/job/Hadoop-Hdfs-trunk/2450/ ) YARN-4262 . Allow whitelisted users to run privileged docker containers. (vvasudev: rev e39ae0e676f77fab216e2281ae946ab8c647733f) hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/test/java/org/apache/hadoop/yarn/server/nodemanager/containermanager/linux/runtime/TestDockerContainerRuntime.java hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/containermanager/linux/runtime/docker/DockerRunCommand.java hadoop-yarn-project/hadoop-yarn/hadoop-yarn-api/src/main/java/org/apache/hadoop/yarn/conf/YarnConfiguration.java hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common/src/main/resources/yarn-default.xml hadoop-yarn-project/CHANGES.txt hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/containermanager/linux/runtime/DockerLinuxContainerRuntime.java
        Hide
        hudson Hudson added a comment -

        FAILURE: Integrated in Hadoop-Hdfs-trunk-Java8 #513 (See https://builds.apache.org/job/Hadoop-Hdfs-trunk-Java8/513/)
        YARN-4262. Allow whitelisted users to run privileged docker containers. (vvasudev: rev e39ae0e676f77fab216e2281ae946ab8c647733f)

        • hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/containermanager/linux/runtime/DockerLinuxContainerRuntime.java
        • hadoop-yarn-project/CHANGES.txt
        • hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common/src/main/resources/yarn-default.xml
        • hadoop-yarn-project/hadoop-yarn/hadoop-yarn-api/src/main/java/org/apache/hadoop/yarn/conf/YarnConfiguration.java
        • hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/test/java/org/apache/hadoop/yarn/server/nodemanager/containermanager/linux/runtime/TestDockerContainerRuntime.java
        • hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/containermanager/linux/runtime/docker/DockerRunCommand.java
        Show
        hudson Hudson added a comment - FAILURE: Integrated in Hadoop-Hdfs-trunk-Java8 #513 (See https://builds.apache.org/job/Hadoop-Hdfs-trunk-Java8/513/ ) YARN-4262 . Allow whitelisted users to run privileged docker containers. (vvasudev: rev e39ae0e676f77fab216e2281ae946ab8c647733f) hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/containermanager/linux/runtime/DockerLinuxContainerRuntime.java hadoop-yarn-project/CHANGES.txt hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common/src/main/resources/yarn-default.xml hadoop-yarn-project/hadoop-yarn/hadoop-yarn-api/src/main/java/org/apache/hadoop/yarn/conf/YarnConfiguration.java hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/test/java/org/apache/hadoop/yarn/server/nodemanager/containermanager/linux/runtime/TestDockerContainerRuntime.java hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/containermanager/linux/runtime/docker/DockerRunCommand.java

          People

          • Assignee:
            sidharta-s Sidharta Seethana
            Reporter:
            sidharta-s Sidharta Seethana
          • Votes:
            0 Vote for this issue
            Watchers:
            7 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development