From 522ddbde79cd453cac066b6136f004f54e2123b0 Mon Sep 17 00:00:00 2001 From: Varun Vasudev Date: Tue, 9 Aug 2016 16:04:09 +0530 Subject: [PATCH] YARN-5394. Remove bind-mount /etc/passwd for Docker containers. Contributed by Zhankun Tang. --- .../linux/runtime/DockerLinuxContainerRuntime.java | 3 +-- .../linux/runtime/TestDockerContainerRuntime.java | 4 ---- 2 files changed, 1 insertion(+), 6 deletions(-) diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/containermanager/linux/runtime/DockerLinuxContainerRuntime.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/containermanager/linux/runtime/DockerLinuxContainerRuntime.java index 0cfdd050e29..dc56ab053a8 100644 --- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/containermanager/linux/runtime/DockerLinuxContainerRuntime.java +++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/containermanager/linux/runtime/DockerLinuxContainerRuntime.java @@ -343,8 +343,7 @@ public class DockerLinuxContainerRuntime implements LinuxContainerRuntime { .detachOnRun() .setContainerWorkDir(containerWorkDir.toString()) .setNetworkType(network) - .setCapabilities(capabilities) - .addMountLocation("/etc/passwd", "/etc/password:ro"); + .setCapabilities(capabilities); List allDirs = new ArrayList<>(containerLocalDirs); allDirs.addAll(filecacheDirs); diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/test/java/org/apache/hadoop/yarn/server/nodemanager/containermanager/linux/runtime/TestDockerContainerRuntime.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/test/java/org/apache/hadoop/yarn/server/nodemanager/containermanager/linux/runtime/TestDockerContainerRuntime.java index a29b174a1ad..ad8b52d6e13 100644 --- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/test/java/org/apache/hadoop/yarn/server/nodemanager/containermanager/linux/runtime/TestDockerContainerRuntime.java +++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/test/java/org/apache/hadoop/yarn/server/nodemanager/containermanager/linux/runtime/TestDockerContainerRuntime.java @@ -276,7 +276,6 @@ public class TestDockerContainerRuntime { .append("--workdir=%3$s ") .append("--net=host ") .append(getExpectedTestCapabilitiesArgumentString()) - .append("-v /etc/passwd:/etc/password:ro ") .append("-v %4$s:%4$s ") .append("-v %5$s:%5$s ") .append("-v %6$s:%6$s ") @@ -382,7 +381,6 @@ public class TestDockerContainerRuntime { .append("--workdir=%3$s ") .append("--net=" + allowedNetwork + " ") .append(getExpectedTestCapabilitiesArgumentString()) - .append("-v /etc/passwd:/etc/password:ro ") .append("-v %4$s:%4$s ").append("-v %5$s:%5$s ") .append("-v %6$s:%6$s ").append("-v %7$s:%7$s ") .append("-v %8$s:%8$s ").append("%9$s ") @@ -437,7 +435,6 @@ public class TestDockerContainerRuntime { .append("--workdir=%3$s ") .append("--net=" + customNetwork1 + " ") .append(getExpectedTestCapabilitiesArgumentString()) - .append("-v /etc/passwd:/etc/password:ro ") .append("-v %4$s:%4$s ").append("-v %5$s:%5$s ") .append("-v %6$s:%6$s ").append("-v %7$s:%7$s ") .append("-v %8$s:%8$s ").append("%9$s ") @@ -474,7 +471,6 @@ public class TestDockerContainerRuntime { .append("--workdir=%3$s ") .append("--net=" + customNetwork2 + " ") .append(getExpectedTestCapabilitiesArgumentString()) - .append("-v /etc/passwd:/etc/password:ro ") .append("-v %4$s:%4$s ").append("-v %5$s:%5$s ") .append("-v %6$s:%6$s ").append("-v %7$s:%7$s ") .append("-v %8$s:%8$s ").append("%9$s ")