hadoop-yarn-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Eric Badger (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (YARN-7286) Add support for docker to have no capabilities
Date Wed, 11 Oct 2017 13:37:00 GMT

    [ https://issues.apache.org/jira/browse/YARN-7286?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16200276#comment-16200276
] 

Eric Badger commented on YARN-7286:
-----------------------------------

bq. The none approach makes best sense to me. The DEFAULT_NM_DOCKER_CONTAINER_CAPABILITIES
was added because it's unreasonable to expect every user to specify capabilities.
Well, yes, but that's at the discretion of the admin. If they want to give the user 0 capabilities,
then they should be able to. The question is what the best way to do that is. If I were to
look at yarn-site.xml and see <value></value> for the capabilities, I would implicitly
think there are no capabilities given, since this is an empty list. However, this would actually
give the default list of capabilities. 

bq. As to lower-case vs upper-case, the upper case is just a recommendation, we should go
with whatever we think makes sense.
My reasoning behind only using "none" instead of "NONE" was so that it was noticeably different.
IMO something like "SETUID, SETGID, none" is more obviously out of place than "SETUID, SETGID,
NONE". But I'm fine if we want to add support for upper case as well. 

> Add support for docker to have no capabilities
> ----------------------------------------------
>
>                 Key: YARN-7286
>                 URL: https://issues.apache.org/jira/browse/YARN-7286
>             Project: Hadoop YARN
>          Issue Type: Sub-task
>          Components: yarn
>            Reporter: Eric Badger
>            Assignee: Eric Badger
>         Attachments: YARN-7286.001.patch, YARN-7286.002.patch, YARN-7286.003.patch
>
>
> Support for controlling capabilities was introduced in YARN-4258. However, it does not
allow for the capabilities list to be NULL, since {{getStrings()}} will treat an empty value
the same as it treats an unset property. So, a NULL list will actually give the default capabilities
list.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

---------------------------------------------------------------------
To unsubscribe, e-mail: yarn-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: yarn-issues-help@hadoop.apache.org


Mime
View raw message