Repository: spark
Updated Branches: refs/heads/master a5fb5b62c -> d6d1224ff

[SPARK-25275][K8S] require membership in wheel to run 'su' in dockerfiles

## What changes were proposed in this pull request?

Add a PAM configuration in k8s dockerfile to require authentication into wheel to run as `su`

## How was this patch tested?

Verify against CI that PAM config succeeds & causes no regressions

Closes #22285 from erikerlandson/spark-25275.

Authored-by: Erik Erlandson <eerla...@redhat.com>
Signed-off-by: Erik Erlandson <eerla...@redhat.com>

Project: http://git-wip-us.apache.org/repos/asf/spark/repo
Commit: http://git-wip-us.apache.org/repos/asf/spark/commit/d6d1224f
Tree: http://git-wip-us.apache.org/repos/asf/spark/tree/d6d1224f
Diff: http://git-wip-us.apache.org/repos/asf/spark/diff/d6d1224f

Branch: refs/heads/master
Commit: d6d1224ffab7ce980b80da459f68502be13d72fc
Parents: a5fb5b6
Author: Erik Erlandson <eerla...@redhat.com>
Authored: Thu Aug 30 14:07:04 2018 -0700
Committer: Erik Erlandson <eerla...@redhat.com>
Committed: Thu Aug 30 14:07:04 2018 -0700

----------------------------------------------------------------------
.../kubernetes/docker/src/main/dockerfiles/spark/Dockerfile | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
----------------------------------------------------------------------

http://git-wip-us.apache.org/repos/asf/spark/blob/d6d1224f/resource-managers/kubernetes/docker/src/main/dockerfiles/spark/Dockerfile
----------------------------------------------------------------------
diff --git a/resource-managers/kubernetes/docker/src/main/dockerfiles/spark/Dockerfile b/resource-managers/kubernetes/docker/src/main/dockerfiles/spark/Dockerfile index 42a6701..071aa20 100644 --- a/resource-managers/kubernetes/docker/src/main/dockerfiles/spark/Dockerfile +++ b/resource-managers/kubernetes/docker/src/main/dockerfiles/spark/Dockerfile 
@@ -29,12 +29,13 @@ ARG img_path=kubernetes/dockerfiles RUN set -ex && \ apk upgrade --no-cache && \ - apk add --no-cache bash tini libc6-compat && \ + apk add --no-cache bash tini libc6-compat linux-pam && \ mkdir -p /opt/spark && \ mkdir -p /opt/spark/work-dir && \ touch /opt/spark/RELEASE && \ rm /bin/sh && \ ln -sv /bin/bash /bin/sh && \ + echo "auth required pam_wheel.so use_uid" >> /etc/pam.d/su && \ chgrp root /etc/passwd && chmod ug+rw /etc/passwd COPY ${spark_jars} /opt/spark/jars
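
Review bot: The added `echo "auth required pam_wheel.so use_uid" >> /etc/pam.d/su` line appends the rule to the end of the file, and PAM evaluates auth entries in order, so any earlier `sufficient` entry that succeeds returns before pam_wheel is consulted; consider placing the rule at the top of the stack, or writing the whole file explicitly so the resulting order is visible in the Dockerfile. If `/etc/pam.d/su` does not already exist in the image, `>>` creates it with this single line, which is a different stack again, so the expected starting content deserves a comment. The `apk add` line gains only `linux-pam`, so please confirm that the `su` binary in the image is actually built against PAM, since otherwise `/etc/pam.d/su` is never read. The stated test (CI passes) shows the build does not break, not that the restriction works; a build-time check that a user outside wheel is refused by `su` would cover that. The unchanged context line `chgrp root /etc/passwd && chmod ug+rw /etc/passwd` leaves the account database writable by the root group, which limits what a wheel restriction on `su` can guarantee and should be weighed alongside this change.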