diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/containermanager/linux/runtime/DockerLinuxContainerRuntime.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/containermanager/linux/runtime/DockerLinuxContainerRuntime.java index 02904930a97..f3719eb5068 100644 --- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/containermanager/linux/runtime/DockerLinuxContainerRuntime.java +++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/containermanager/linux/runtime/DockerLinuxContainerRuntime.java @@ -376,7 +376,7 @@ private String runDockerVolumeCommand(DockerVolumeCommand dockerVolumeCommand, Container container) throws ContainerExecutionException { try { String commandFile = dockerClient.writeCommandToTempFile( - dockerVolumeCommand, container.getContainerId().toString()); + dockerVolumeCommand, container, nmContext); PrivilegedOperation privOp = new PrivilegedOperation( PrivilegedOperation.OperationType.RUN_DOCKER_CMD); privOp.appendArgs(commandFile); @@ -889,7 +889,7 @@ public void launchContainer(ContainerRuntimeContext ctx) } String commandFile = dockerClient.writeCommandToTempFile(runCommand, - containerIdStr); + container, nmContext); PrivilegedOperation launchOp = buildLaunchOp(ctx, commandFile, runCommand); @@ -994,7 +994,7 @@ public void reapContainer(ContainerRuntimeContext ctx) new DockerInspectCommand(containerId).getIpAndHost(); try { String commandFile = dockerClient.writeCommandToTempFile(inspectCommand, - containerId); + container, nmContext); PrivilegedOperation privOp = new PrivilegedOperation( PrivilegedOperation.OperationType.RUN_DOCKER_CMD); privOp.appendArgs(commandFile); diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/containermanager/linux/runtime/docker/DockerClient.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/containermanager/linux/runtime/docker/DockerClient.java index 77c53a86970..f77d44f3d75 100644 --- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/containermanager/linux/runtime/docker/DockerClient.java +++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/containermanager/linux/runtime/docker/DockerClient.java @@ -23,7 +23,13 @@ import org.apache.hadoop.classification.InterfaceAudience; import org.apache.hadoop.classification.InterfaceStability; import org.apache.hadoop.conf.Configuration; +import org.apache.hadoop.fs.Path; import org.apache.hadoop.util.StringUtils; +import org.apache.hadoop.yarn.api.records.ApplicationId; +import org.apache.hadoop.yarn.api.records.ContainerId; +import org.apache.hadoop.yarn.server.nodemanager.Context; +import org.apache.hadoop.yarn.server.nodemanager.containermanager.container.Container; +import org.apache.hadoop.yarn.server.nodemanager.containermanager.localizer.ResourceLocalizationService; import org.apache.hadoop.yarn.server.nodemanager.containermanager.runtime.ContainerExecutionException; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -97,4 +103,47 @@ public String writeCommandToTempFile(DockerCommand cmd, String filePrefix) throw new ContainerExecutionException(e); } } + + public String writeCommandToTempFile(DockerCommand cmd, Container container, + Context nmContext) throws ContainerExecutionException { + ContainerId containerId = container.getContainerId(); + String filePrefix = containerId.toString(); + ApplicationId appId = containerId.getApplicationAttemptId() + .getApplicationId(); + File dockerCommandFile; + try { + String cmdDir = nmContext.getLocalDirsHandler().getLocalPathForWrite( + ResourceLocalizationService.NM_PRIVATE_DIR + Path.SEPARATOR + + appId + Path.SEPARATOR + filePrefix + Path.SEPARATOR).toString(); + + dockerCommandFile = File.createTempFile(TMP_FILE_PREFIX + filePrefix, + TMP_FILE_SUFFIX, new File(cmdDir)); + + Writer writer = new OutputStreamWriter( + new FileOutputStream(dockerCommandFile.toString()), "UTF-8"); + PrintWriter printWriter = new PrintWriter(writer); + printWriter.println("[docker-command-execution]"); + for (Map.Entry> entry : + cmd.getDockerCommandWithArguments().entrySet()) { + if (entry.getKey().contains("=")) { + throw new ContainerExecutionException( + "'=' found in entry for docker command file, key = " + entry + .getKey() + "; value = " + entry.getValue()); + } + if (entry.getValue().contains("\n")) { + throw new ContainerExecutionException( + "'\\n' found in entry for docker command file, key = " + entry + .getKey() + "; value = " + entry.getValue()); + } + printWriter.println(" " + entry.getKey() + "=" + StringUtils + .join(",", entry.getValue())); + } + printWriter.close(); + + return dockerCommandFile.toString(); + } catch (IOException e) { + LOG.warn("Unable to write docker command to temporary file!"); + throw new ContainerExecutionException(e); + } + } } diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/test/java/org/apache/hadoop/yarn/server/nodemanager/containermanager/linux/runtime/TestDockerContainerRuntime.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/test/java/org/apache/hadoop/yarn/server/nodemanager/containermanager/linux/runtime/TestDockerContainerRuntime.java index 132a2025bf7..ae3b6514b22 100644 --- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/test/java/org/apache/hadoop/yarn/server/nodemanager/containermanager/linux/runtime/TestDockerContainerRuntime.java +++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/test/java/org/apache/hadoop/yarn/server/nodemanager/containermanager/linux/runtime/TestDockerContainerRuntime.java @@ -30,8 +30,10 @@ import org.apache.hadoop.security.Credentials; import org.apache.hadoop.util.Shell; import org.apache.hadoop.util.StringUtils; +import org.apache.hadoop.yarn.api.records.ApplicationAttemptId; import org.apache.hadoop.yarn.api.records.ContainerId; import org.apache.hadoop.yarn.api.records.ContainerLaunchContext; +import org.apache.hadoop.yarn.server.nodemanager.LocalDirsHandlerService; import org.apache.hadoop.yarn.util.DockerClientConfigHandler; import org.apache.hadoop.yarn.conf.YarnConfiguration; import org.apache.hadoop.yarn.security.TestDockerClientConfigHandler; @@ -101,6 +103,7 @@ import static org.apache.hadoop.yarn.server.nodemanager.containermanager.linux.runtime.LinuxContainerRuntimeConstants.SIGNAL; import static org.apache.hadoop.yarn.server.nodemanager.containermanager.linux.runtime.LinuxContainerRuntimeConstants.USER; import static org.apache.hadoop.yarn.server.nodemanager.containermanager.linux.runtime.LinuxContainerRuntimeConstants.USER_FILECACHE_DIRS; +import static org.mockito.Matchers.anyString; import static org.mockito.Mockito.any; import static org.mockito.Mockito.anyBoolean; import static org.mockito.Mockito.anyList; @@ -120,7 +123,9 @@ private String containerId; private Container container; private ContainerId cId; + private ApplicationAttemptId appAttemptId; private ContainerLaunchContext context; + private Context nmContext; private HashMap env; private String image; private String uidGidPair; @@ -161,14 +166,17 @@ public void setup() { containerId = "container_id"; container = mock(Container.class); cId = mock(ContainerId.class); + appAttemptId = mock(ApplicationAttemptId.class); context = mock(ContainerLaunchContext.class); env = new HashMap(); env.put("FROM_CLIENT", "1"); image = "busybox:latest"; + nmContext = createMockNMContext(); env.put(DockerLinuxContainerRuntime.ENV_DOCKER_CONTAINER_IMAGE, image); when(container.getContainerId()).thenReturn(cId); when(cId.toString()).thenReturn(containerId); + when(cId.getApplicationAttemptId()).thenReturn(appAttemptId); when(container.getLaunchContext()).thenReturn(context); when(context.getEnvironment()).thenReturn(env); when(container.getUser()).thenReturn(submittingUser); @@ -257,6 +265,29 @@ public void setup() { .setExecutionAttribute(RESOURCES_OPTIONS, resourcesOptions); } + public Context createMockNMContext() { + Context mockNMContext = mock(Context.class); + LocalDirsHandlerService localDirsHandler = + mock(LocalDirsHandlerService.class); + ResourcePluginManager resourcePluginManager = + mock(ResourcePluginManager.class); + + String tmpPath = new StringBuffer(System.getProperty("test.build.data")) + .append('/').append("hadoop.tmp.dir").toString(); + + when(mockNMContext.getLocalDirsHandler()).thenReturn(localDirsHandler); + when(mockNMContext.getResourcePluginManager()) + .thenReturn(resourcePluginManager); + + try { + when(localDirsHandler.getLocalPathForWrite(anyString())) + .thenReturn(new Path(tmpPath)); + } catch (IOException ioe) { + LOG.info("LocalDirsHandler failed" + ioe); + } + return mockNMContext; + } + @Test public void testSelectDockerContainerType() { Map envDockerType = new HashMap<>(); @@ -333,7 +364,7 @@ public void testDockerContainerLaunch() IOException { DockerLinuxContainerRuntime runtime = new DockerLinuxContainerRuntime( mockExecutor, mockCGroupsHandler); - runtime.initialize(conf, null); + runtime.initialize(conf, nmContext); runtime.launchContainer(builder.build()); PrivilegedOperation op = capturePrivilegedOperationAndVerifyArgs(); @@ -382,7 +413,7 @@ public void testContainerLaunchWithUserRemapping() true); DockerLinuxContainerRuntime runtime = new DockerLinuxContainerRuntime( mockExecutor, mockCGroupsHandler); - runtime.initialize(conf, null); + runtime.initialize(conf, nmContext); runtime.launchContainer(builder.build()); PrivilegedOperation op = capturePrivilegedOperationAndVerifyArgs(); @@ -431,7 +462,7 @@ public void testAllowedNetworksConfiguration() throws DockerLinuxContainerRuntime runtime = new DockerLinuxContainerRuntime(mockExecutor, mockCGroupsHandler); - runtime.initialize(conf, null); + runtime.initialize(conf, nmContext); //invalid default network configuration - sdn2 is included in allowed // networks @@ -447,7 +478,7 @@ public void testAllowedNetworksConfiguration() throws try { runtime = new DockerLinuxContainerRuntime(mockExecutor, mockCGroupsHandler); - runtime.initialize(conf, null); + runtime.initialize(conf, nmContext); Assert.fail("Invalid default network configuration should did not " + "trigger initialization failure."); } catch (ContainerExecutionException e) { @@ -463,7 +494,7 @@ public void testAllowedNetworksConfiguration() throws validDefaultNetwork); runtime = new DockerLinuxContainerRuntime(mockExecutor, mockCGroupsHandler); - runtime.initialize(conf, null); + runtime.initialize(conf, nmContext); } @Test @@ -473,7 +504,7 @@ public void testContainerLaunchWithNetworkingDefaults() PrivilegedOperationException { DockerLinuxContainerRuntime runtime = new DockerLinuxContainerRuntime(mockExecutor, mockCGroupsHandler); - runtime.initialize(conf, null); + runtime.initialize(conf, nmContext); Random randEngine = new Random(); String disallowedNetwork = "sdn" + Integer.toString(randEngine.nextInt()); @@ -549,7 +580,7 @@ public void testContainerLaunchWithHostDnsNetwork() conf.setBoolean(RegistryConstants.KEY_DNS_ENABLED, true); DockerLinuxContainerRuntime runtime = new DockerLinuxContainerRuntime(mockExecutor, mockCGroupsHandler); - runtime.initialize(conf, null); + runtime.initialize(conf, nmContext); String expectedHostname = "test.hostname"; env.put(DockerLinuxContainerRuntime.ENV_DOCKER_CONTAINER_HOSTNAME, @@ -620,7 +651,7 @@ public void testContainerLaunchWithCustomNetworks() customNetwork1); //this should cause no failures. - runtime.initialize(conf, null); + runtime.initialize(conf, nmContext); runtime.launchContainer(builder.build()); PrivilegedOperation op = capturePrivilegedOperationAndVerifyArgs(); List args = op.getArguments(); @@ -728,7 +759,7 @@ public void testLaunchPidNamespaceContainersInvalidEnvVar() IOException { DockerLinuxContainerRuntime runtime = new DockerLinuxContainerRuntime( mockExecutor, mockCGroupsHandler); - runtime.initialize(conf, null); + runtime.initialize(conf, nmContext); env.put(DockerLinuxContainerRuntime .ENV_DOCKER_CONTAINER_PID_NAMESPACE, "invalid-value"); @@ -756,7 +787,7 @@ public void testLaunchPidNamespaceContainersWithDisabledSetting() throws ContainerExecutionException { DockerLinuxContainerRuntime runtime = new DockerLinuxContainerRuntime( mockExecutor, mockCGroupsHandler); - runtime.initialize(conf, null); + runtime.initialize(conf, nmContext); env.put(DockerLinuxContainerRuntime .ENV_DOCKER_CONTAINER_PID_NAMESPACE, "host"); @@ -779,7 +810,7 @@ public void testLaunchPidNamespaceContainersEnabled() DockerLinuxContainerRuntime runtime = new DockerLinuxContainerRuntime( mockExecutor, mockCGroupsHandler); - runtime.initialize(conf, null); + runtime.initialize(conf, nmContext); env.put(DockerLinuxContainerRuntime .ENV_DOCKER_CONTAINER_PID_NAMESPACE, "host"); @@ -830,7 +861,7 @@ public void testLaunchPrivilegedContainersInvalidEnvVar() IOException { DockerLinuxContainerRuntime runtime = new DockerLinuxContainerRuntime( mockExecutor, mockCGroupsHandler); - runtime.initialize(conf, null); + runtime.initialize(conf, nmContext); env.put(DockerLinuxContainerRuntime .ENV_DOCKER_CONTAINER_RUN_PRIVILEGED_CONTAINER, "invalid-value"); @@ -858,7 +889,7 @@ public void testLaunchPrivilegedContainersWithDisabledSetting() throws ContainerExecutionException { DockerLinuxContainerRuntime runtime = new DockerLinuxContainerRuntime( mockExecutor, mockCGroupsHandler); - runtime.initialize(conf, null); + runtime.initialize(conf, nmContext); env.put(DockerLinuxContainerRuntime .ENV_DOCKER_CONTAINER_RUN_PRIVILEGED_CONTAINER, "true"); @@ -880,7 +911,7 @@ public void testLaunchPrivilegedContainersWithEnabledSettingAndDefaultACL() DockerLinuxContainerRuntime runtime = new DockerLinuxContainerRuntime( mockExecutor, mockCGroupsHandler); - runtime.initialize(conf, null); + runtime.initialize(conf, nmContext); env.put(DockerLinuxContainerRuntime .ENV_DOCKER_CONTAINER_RUN_PRIVILEGED_CONTAINER, "true"); @@ -909,7 +940,7 @@ public void testLaunchPrivilegedContainersWithEnabledSettingAndDefaultACL() DockerLinuxContainerRuntime runtime = new DockerLinuxContainerRuntime( mockExecutor, mockCGroupsHandler); - runtime.initialize(conf, null); + runtime.initialize(conf, nmContext); env.put(DockerLinuxContainerRuntime .ENV_DOCKER_CONTAINER_RUN_PRIVILEGED_CONTAINER, "true"); @@ -936,7 +967,7 @@ public void testLaunchPrivilegedContainersWithEnabledSettingAndDefaultACL() DockerLinuxContainerRuntime runtime = new DockerLinuxContainerRuntime( mockExecutor, mockCGroupsHandler); - runtime.initialize(conf, null); + runtime.initialize(conf, nmContext); env.put(DockerLinuxContainerRuntime .ENV_DOCKER_CONTAINER_RUN_PRIVILEGED_CONTAINER, "true"); @@ -989,7 +1020,7 @@ public void testCGroupParent() throws ContainerExecutionException { DockerLinuxContainerRuntime runtime = new DockerLinuxContainerRuntime (mockExecutor, mockCGroupsHandler); - runtime.initialize(conf, null); + runtime.initialize(conf, nmContext); String resourceOptionsNone = "cgroups=none"; DockerRunCommand command = Mockito.mock(DockerRunCommand.class); @@ -1016,7 +1047,7 @@ public void testCGroupParent() throws ContainerExecutionException { runtime = new DockerLinuxContainerRuntime (mockExecutor, null); - runtime.initialize(conf, null); + runtime.initialize(conf, nmContext); runtime.addCGroupParentIfRequired(resourceOptionsNone, containerIdStr, command); @@ -1031,7 +1062,7 @@ public void testCGroupParent() throws ContainerExecutionException { public void testMountSourceOnly() throws ContainerExecutionException { DockerLinuxContainerRuntime runtime = new DockerLinuxContainerRuntime( mockExecutor, mockCGroupsHandler); - runtime.initialize(conf, null); + runtime.initialize(conf, nmContext); env.put( DockerLinuxContainerRuntime.ENV_DOCKER_CONTAINER_LOCAL_RESOURCE_MOUNTS, @@ -1051,7 +1082,7 @@ public void testMountSourceTarget() IOException { DockerLinuxContainerRuntime runtime = new DockerLinuxContainerRuntime( mockExecutor, mockCGroupsHandler); - runtime.initialize(conf, null); + runtime.initialize(conf, nmContext); env.put( DockerLinuxContainerRuntime.ENV_DOCKER_CONTAINER_LOCAL_RESOURCE_MOUNTS, @@ -1102,7 +1133,7 @@ public void testMountSourceTarget() public void testMountInvalid() throws ContainerExecutionException { DockerLinuxContainerRuntime runtime = new DockerLinuxContainerRuntime( mockExecutor, mockCGroupsHandler); - runtime.initialize(conf, null); + runtime.initialize(conf, nmContext); env.put( DockerLinuxContainerRuntime.ENV_DOCKER_CONTAINER_LOCAL_RESOURCE_MOUNTS, @@ -1122,7 +1153,7 @@ public void testMountMultiple() IOException { DockerLinuxContainerRuntime runtime = new DockerLinuxContainerRuntime( mockExecutor, mockCGroupsHandler); - runtime.initialize(conf, null); + runtime.initialize(conf, nmContext); env.put( DockerLinuxContainerRuntime.ENV_DOCKER_CONTAINER_LOCAL_RESOURCE_MOUNTS, @@ -1177,7 +1208,7 @@ public void testUserMounts() IOException { DockerLinuxContainerRuntime runtime = new DockerLinuxContainerRuntime( mockExecutor, mockCGroupsHandler); - runtime.initialize(conf, null); + runtime.initialize(conf, nmContext); env.put( DockerLinuxContainerRuntime.ENV_DOCKER_CONTAINER_MOUNTS, @@ -1228,7 +1259,7 @@ public void testUserMounts() public void testUserMountInvalid() throws ContainerExecutionException { DockerLinuxContainerRuntime runtime = new DockerLinuxContainerRuntime( mockExecutor, mockCGroupsHandler); - runtime.initialize(conf, null); + runtime.initialize(conf, nmContext); env.put( DockerLinuxContainerRuntime.ENV_DOCKER_CONTAINER_MOUNTS, @@ -1246,7 +1277,7 @@ public void testUserMountInvalid() throws ContainerExecutionException { public void testUserMountModeInvalid() throws ContainerExecutionException { DockerLinuxContainerRuntime runtime = new DockerLinuxContainerRuntime( mockExecutor, mockCGroupsHandler); - runtime.initialize(conf, null); + runtime.initialize(conf, nmContext); env.put( DockerLinuxContainerRuntime.ENV_DOCKER_CONTAINER_MOUNTS, @@ -1264,7 +1295,7 @@ public void testUserMountModeInvalid() throws ContainerExecutionException { public void testUserMountModeNulInvalid() throws ContainerExecutionException { DockerLinuxContainerRuntime runtime = new DockerLinuxContainerRuntime( mockExecutor, mockCGroupsHandler); - runtime.initialize(conf, null); + runtime.initialize(conf, nmContext); env.put( DockerLinuxContainerRuntime.ENV_DOCKER_CONTAINER_MOUNTS, @@ -1554,7 +1585,7 @@ private void testDockerCommandPluginWithVolumesOutput( any(File.class), anyMap(), anyBoolean(), anyBoolean())).thenReturn( dockerVolumeListOutput); - Context nmContext = mock(Context.class); + Context mockNMContext = createMockNMContext(); ResourcePluginManager rpm = mock(ResourcePluginManager.class); Map pluginsMap = new HashMap<>(); ResourcePlugin plugin1 = mock(ResourcePlugin.class); @@ -1571,9 +1602,9 @@ private void testDockerCommandPluginWithVolumesOutput( when(rpm.getNameToPlugins()).thenReturn(pluginsMap); - when(nmContext.getResourcePluginManager()).thenReturn(rpm); + when(mockNMContext.getResourcePluginManager()).thenReturn(rpm); - runtime.initialize(conf, nmContext); + runtime.initialize(conf, mockNMContext); ContainerRuntimeContext containerRuntimeContext = builder.build(); @@ -1651,7 +1682,7 @@ public void testDockerCommandPlugin() throws Exception { any(File.class), anyMap(), anyBoolean(), anyBoolean())).thenReturn( "volume1,local"); - Context nmContext = mock(Context.class); + Context mockNMContext = createMockNMContext(); ResourcePluginManager rpm = mock(ResourcePluginManager.class); Map pluginsMap = new HashMap<>(); ResourcePlugin plugin1 = mock(ResourcePlugin.class); @@ -1668,9 +1699,9 @@ public void testDockerCommandPlugin() throws Exception { when(rpm.getNameToPlugins()).thenReturn(pluginsMap); - when(nmContext.getResourcePluginManager()).thenReturn(rpm); + when(mockNMContext.getResourcePluginManager()).thenReturn(rpm); - runtime.initialize(conf, nmContext); + runtime.initialize(conf, mockNMContext); ContainerRuntimeContext containerRuntimeContext = builder.build(); @@ -1728,7 +1759,7 @@ public void testDockerCapabilities() throws ContainerExecutionException { try { conf.setStrings(YarnConfiguration.NM_DOCKER_CONTAINER_CAPABILITIES, "none", "CHOWN", "DAC_OVERRIDE"); - runtime.initialize(conf, null); + runtime.initialize(conf, nmContext); Assert.fail("Initialize didn't fail with invalid capabilities " + "'none', 'CHOWN', 'DAC_OVERRIDE'"); } catch (ContainerExecutionException e) { @@ -1737,7 +1768,7 @@ public void testDockerCapabilities() throws ContainerExecutionException { try { conf.setStrings(YarnConfiguration.NM_DOCKER_CONTAINER_CAPABILITIES, "CHOWN", "DAC_OVERRIDE", "NONE"); - runtime.initialize(conf, null); + runtime.initialize(conf, nmContext); Assert.fail("Initialize didn't fail with invalid capabilities " + "'CHOWN', 'DAC_OVERRIDE', 'NONE'"); } catch (ContainerExecutionException e) { @@ -1745,17 +1776,17 @@ public void testDockerCapabilities() throws ContainerExecutionException { conf.setStrings(YarnConfiguration.NM_DOCKER_CONTAINER_CAPABILITIES, "NONE"); - runtime.initialize(conf, null); + runtime.initialize(conf, nmContext); Assert.assertEquals(0, runtime.getCapabilities().size()); conf.setStrings(YarnConfiguration.NM_DOCKER_CONTAINER_CAPABILITIES, "none"); - runtime.initialize(conf, null); + runtime.initialize(conf, nmContext); Assert.assertEquals(0, runtime.getCapabilities().size()); conf.setStrings(YarnConfiguration.NM_DOCKER_CONTAINER_CAPABILITIES, "CHOWN", "DAC_OVERRIDE"); - runtime.initialize(conf, null); + runtime.initialize(conf, nmContext); Iterator it = runtime.getCapabilities().iterator(); Assert.assertEquals("CHOWN", it.next()); Assert.assertEquals("DAC_OVERRIDE", it.next()); @@ -1783,7 +1814,7 @@ public void testLaunchContainerWithDockerTokens() when(context.getTokens()).thenReturn(tokens); DockerLinuxContainerRuntime runtime = new DockerLinuxContainerRuntime(mockExecutor, mockCGroupsHandler); - runtime.initialize(conf, null); + runtime.initialize(conf, nmContext); Set perms = PosixFilePermissions.fromString("rwxr-xr--");