diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/containermanager/linux/runtime/docker/DockerRunCommand.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/containermanager/linux/runtime/docker/DockerRunCommand.java index c7bf827f545..a47a36f16a8 100644 --- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/containermanager/linux/runtime/docker/DockerRunCommand.java +++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/containermanager/linux/runtime/docker/DockerRunCommand.java @@ -87,12 +87,18 @@ public DockerRunCommand setPrivileged() { return this; } - public DockerRunCommand setCapabilities(Set capabilties) { + public DockerRunCommand setCapabilities(Set capabilities) { //first, drop all capabilities super.addCommandArguments("cap-drop", "ALL"); + //the "none" keyword anywhere in the set overrides + // all other capabilities + if(capabilities.contains("none")) { + return this; + } + //now, add the capabilities supplied - for (String capability : capabilties) { + for (String capability : capabilities) { super.addCommandArguments("cap-add", capability); }