Apache
/
hadoop
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

YARN-5394. Remove bind-mount /etc/passwd for Docker containers. Contributed by Zhankun Tang.

This commit is contained in:
Varun Vasudev 2016-08-09 16:04:09 +05:30
parent 82c9e06101
commit 522ddbde79
2 changed files with 1 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/containermanager/linux/runtime/DockerLinuxContainerRuntime.java
View File

@ -343,8 +343,7 @@ public class DockerLinuxContainerRuntime implements LinuxContainerRuntime {
.detachOnRun() .detachOnRun()
.setContainerWorkDir(containerWorkDir.toString()) .setContainerWorkDir(containerWorkDir.toString())
.setNetworkType(network) .setNetworkType(network)
.setCapabilities(capabilities) .setCapabilities(capabilities);
.addMountLocation("/etc/passwd", "/etc/password:ro");
List<String> allDirs = new ArrayList<>(containerLocalDirs); List<String> allDirs = new ArrayList<>(containerLocalDirs);
allDirs.addAll(filecacheDirs); allDirs.addAll(filecacheDirs);

4
hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/test/java/org/apache/hadoop/yarn/server/nodemanager/containermanager/linux/runtime/TestDockerContainerRuntime.java
View File

@ -276,7 +276,6 @@ public class TestDockerContainerRuntime {
.append("--workdir=%3$s ") .append("--workdir=%3$s ")
.append("--net=host ") .append("--net=host ")
.append(getExpectedTestCapabilitiesArgumentString()) .append(getExpectedTestCapabilitiesArgumentString())
.append("-v /etc/passwd:/etc/password:ro ")
.append("-v %4$s:%4$s ") .append("-v %4$s:%4$s ")
.append("-v %5$s:%5$s ") .append("-v %5$s:%5$s ")
.append("-v %6$s:%6$s ") .append("-v %6$s:%6$s ")
@ -382,7 +381,6 @@ public class TestDockerContainerRuntime {
.append("--workdir=%3$s ") .append("--workdir=%3$s ")
.append("--net=" + allowedNetwork + " ") .append("--net=" + allowedNetwork + " ")
.append(getExpectedTestCapabilitiesArgumentString()) .append(getExpectedTestCapabilitiesArgumentString())
.append("-v /etc/passwd:/etc/password:ro ")
.append("-v %4$s:%4$s ").append("-v %5$s:%5$s ") .append("-v %4$s:%4$s ").append("-v %5$s:%5$s ")
.append("-v %6$s:%6$s ").append("-v %7$s:%7$s ") .append("-v %6$s:%6$s ").append("-v %7$s:%7$s ")
.append("-v %8$s:%8$s ").append("%9$s ") .append("-v %8$s:%8$s ").append("%9$s ")
@ -437,7 +435,6 @@ public class TestDockerContainerRuntime {
.append("--workdir=%3$s ") .append("--workdir=%3$s ")
.append("--net=" + customNetwork1 + " ") .append("--net=" + customNetwork1 + " ")
.append(getExpectedTestCapabilitiesArgumentString()) .append(getExpectedTestCapabilitiesArgumentString())
.append("-v /etc/passwd:/etc/password:ro ")
.append("-v %4$s:%4$s ").append("-v %5$s:%5$s ") .append("-v %4$s:%4$s ").append("-v %5$s:%5$s ")
.append("-v %6$s:%6$s ").append("-v %7$s:%7$s ") .append("-v %6$s:%6$s ").append("-v %7$s:%7$s ")
.append("-v %8$s:%8$s ").append("%9$s ") .append("-v %8$s:%8$s ").append("%9$s ")
@ -474,7 +471,6 @@ public class TestDockerContainerRuntime {
.append("--workdir=%3$s ") .append("--workdir=%3$s ")
.append("--net=" + customNetwork2 + " ") .append("--net=" + customNetwork2 + " ")
.append(getExpectedTestCapabilitiesArgumentString()) .append(getExpectedTestCapabilitiesArgumentString())
.append("-v /etc/passwd:/etc/password:ro ")
.append("-v %4$s:%4$s ").append("-v %5$s:%5$s ") .append("-v %4$s:%4$s ").append("-v %5$s:%5$s ")
.append("-v %6$s:%6$s ").append("-v %7$s:%7$s ") .append("-v %6$s:%6$s ").append("-v %7$s:%7$s ")
.append("-v %8$s:%8$s ").append("%9$s ") .append("-v %8$s:%8$s ").append("%9$s ")