Uploaded image for project: 'Hadoop YARN'
  1. Hadoop YARN
  2. YARN-8472 YARN Container Phase 2
  3. YARN-9391

Disable PATH variable to be passed to Docker container

    XMLWordPrintableJSON

    Details

    • Type: Sub-task
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 3.2.0, 3.1.1, 3.1.2
    • Fix Version/s: 3.3.0, 3.2.1, 3.1.3
    • Component/s: None
    • Labels:
      None

      Description

      This is observed from using Apache NiFi docker image. It makes assumption that PATH variable contains /bin to reference to system utility. Where host YARN environment PATH variable is default to leaked into container by accident and not containing /bin path (default configuration). In general, it seems like node manager should block PATH variable from leaking into container. Not sure if there is a valid use case that host PATH variable must leak into container from docker point of view. From Hadoop point of view, if container is merely a chroot, and container is a mirror image of host worker dir. It is good to keep host PATH variable the same.

      Maybe we want to be more specific that block PATH variable to leak into Docker container, if it is using ENTRYPOINT only?

        Attachments

        1. YARN-9391.001.patch
          3 kB
          Jim Brennan

          Activity

            People

            • Assignee:
              Jim_Brennan Jim Brennan
              Reporter:
              eyang Eric Yang
            • Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: