Repository: hadoop Updated Branches: refs/heads/branch-3.1 d51e4affb -> 08053c4ea refs/heads/trunk 5b88cb339 -> 0c5d7d71a
Revert "HADOOP-15195. With SELinux enabled, directories mounted with start-build-env.sh may not be accessible. Contributed by Grigori Rybkine" This reverts commit 5b88cb339898f82519223bcd07e1caedff02d051. Project: http://git-wip-us.apache.org/repos/asf/hadoop/repo Commit: http://git-wip-us.apache.org/repos/asf/hadoop/commit/9cc6d1df Tree: http://git-wip-us.apache.org/repos/asf/hadoop/tree/9cc6d1df Diff: http://git-wip-us.apache.org/repos/asf/hadoop/diff/9cc6d1df Branch: refs/heads/trunk Commit: 9cc6d1dfb351f505aaa8f9f028068650b3b00d0d Parents: 5b88cb3 Author: Chris Douglas <cdoug...@apache.org> Authored: Mon Feb 12 21:06:10 2018 -0800 Committer: Chris Douglas <cdoug...@apache.org> Committed: Mon Feb 12 21:06:10 2018 -0800 ---------------------------------------------------------------------- .../src/test/scripts/start-build-env.bats | 102 ------------------- start-build-env.sh | 32 +----- 2 files changed, 3 insertions(+), 131 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/hadoop/blob/9cc6d1df/hadoop-common-project/hadoop-common/src/test/scripts/start-build-env.bats ----------------------------------------------------------------------
diff --git a/hadoop-common-project/hadoop-common/src/test/scripts/start-build-env.bats b/hadoop-common-project/hadoop-common/src/test/scripts/start-build-env.bats
deleted file mode 100644
index 0c32bcf..0000000
--- a/hadoop-common-project/hadoop-common/src/test/scripts/start-build-env.bats
+++ /dev/null
@@ -1,102 +0,0 @@
-# Licensed to the Apache Software Foundation (ASF) under one or more
-# contributor license agreements. See the NOTICE file distributed with
-# this work for additional information regarding copyright ownership.
-# The ASF licenses this file to You under the Apache License, Version 2.0
-# (the "License"); you may not use this file except in compliance with
-# the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-load hadoop-functions_test_helper
-
-# Mock docker command
-docker () {
- if [ "$1" = "-v" ]; then
- shift
- echo Docker version ${DCKR_MOCK_VER:?}
- elif [ "$1" = run ]; then
- shift
- until [ $# -eq 0 ]; do
- if [ "$1" = -v ]; then
- shift
- echo "$1"|awk -F':' '{if (NF == 3 && $3 == "z")
- printf "Mounted %s with %s option.\n", $1, $3
- else if (NF == 2)
- printf "Mounted %s without %s option.\n", $1, "z"}'
- fi
- shift
- done
- fi
-}
-export -f docker
-export DCKR_MOCK_VER
-
-# Mock a SELinux enabled system
-enable_selinux () {
- mkdir -p "${TMP}/bin"
- echo true >"${TMP}/bin"/selinuxenabled
- chmod a+x "${TMP}/bin"/selinuxenabled
- if [ "${PATH#${TMP}/bin}" = "${PATH}" ]; then
- PATH="${TMP}/bin":"$PATH"
- fi
-}
-
-setup_user () {
- if [ -z "$(printenv USER)" ]; then
- if [ -z "$USER" ]; then
- USER=${HOME##*/}
- fi
- export USER
- fi
-}
-
-# Mock stat command as used in start-build-env.sh
-stat () {
- if [ "$1" = --printf='%C' -a $# -eq 2 ]; then
- printf 'mock_u:mock_r:mock_t:s0'
- else
- command stat "$@"
- fi
-}
-export -f stat
-
-# Verify that host directories get mounted without z option
-# and INFO messages get printed out
-@test "start-build-env.sh (Docker without z mount option)" {
- if [ "$(uname -s)" != "Linux" ]; then
- skip "Not on Linux platform"
- fi
- enable_selinux
- setup_user
- DCKR_MOCK_VER=1.4
- run "${BATS_TEST_DIRNAME}/../../../../../start-build-env.sh"
- [ "$status" -eq 0 ]
- [[ ${lines[0]} == "INFO: SELinux policy is enforced." ]]
- [[ ${lines[1]} =~ \
- "Mounted ".*" may not be accessible to the container." ]]
- [[ ${lines[2]} == \
- "INFO: If so, on the host, run the following command:" ]]
- [[ ${lines[3]} =~ "# chcon -Rt svirt_sandbox_file_t " ]]
- [[ ${lines[-2]} =~ "Mounted ".*" without z option." ]]
- [[ ${lines[-1]} =~ "Mounted ".*" without z option." ]]
-}
-
-# Verify that host directories get mounted with z option
-@test "start-build-env.sh (Docker with z mount option)" {
- if [ "$(uname -s)" != "Linux" ]; then
- skip "Not on Linux platform"
- fi
- enable_selinux
- setup_user
- DCKR_MOCK_VER=1.7
- run "${BATS_TEST_DIRNAME}/../../../../../start-build-env.sh"
- [ "$status" -eq 0 ]
- [[ ${lines[-2]} =~ "Mounted ".*" with z option." ]]
- [[ ${lines[-1]} =~ "Mounted ".*" with z option." ]]
-}
http://git-wip-us.apache.org/repos/asf/hadoop/blob/9cc6d1df/start-build-env.sh ----------------------------------------------------------------------
diff --git a/start-build-env.sh b/start-build-env.sh
index 60efea5..5a18151 100755
--- a/start-build-env.sh
+++ b/start-build-env.sh
@@ -21,36 +21,10 @@ cd "$(dirname "$0")" # connect to root
 docker build -t hadoop-build dev-support/docker
-if [ "$(uname -s)" = "Linux" ]; then
+if [ "$(uname -s)" == "Linux" ]; then
 USER_NAME=${SUDO_USER:=$USER}
 USER_ID=$(id -u "${USER_NAME}")
 GROUP_ID=$(id -g "${USER_NAME}")
- # man docker-run
- # When using SELinux, mounted directories may not be accessible
- # to the container. To work around this, with Docker prior to 1.7
- # one needs to run the "chcon -Rt svirt_sandbox_file_t" command on
- # the directories. With Docker 1.7 and later the z mount option
- # does this automatically.
- if command -v selinuxenabled >/dev/null && selinuxenabled; then
- DCKR_VER=$(docker -v|awk '$1 == "Docker" && $2 == "version"\
- {split($3,ver,".");print ver[1]"."ver[2]}')
- DCKR_MAJ=${DCKR_VER%.*}
- DCKR_MIN=${DCKR_VER#*.}
- if [ "${DCKR_MAJ}" -eq 1 ] && [ "${DCKR_MIN}" -ge 7 ] ||
- [ "${DCKR_MAJ}" -gt 1 ]; then
- V_OPTS=:z
- else
- for d in "${PWD}" "${HOME}/.m2"; do
- ctx=$(stat --printf='%C' "$d"|cut -d':' -f3)
- if [ "$ctx" != svirt_sandbox_file_t ] && [ "$ctx" != container_file_t ]; then
- printf 'INFO: SELinux policy is enforced.\n'
- printf '\tMounted %s may not be accessible to the container.\n' "$d"
- printf 'INFO: If so, on the host, run the following command:\n'
- printf '\t# chcon -Rt svirt_sandbox_file_t %s\n' "$d"
- fi
- done
- fi
- fi
 else # boot2docker uid and gid
 USER_NAME=$USER
 USER_ID=1000
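Review bot: After this revert nothing in the script labels the bind mounts or explains the failure, so on an SELinux-enforcing host the container is likely to be denied access to the source tree and `~/.m2`; this applies to the removed `selinuxenabled` block here and to the two `-v` lines in the `docker run` hunk that lose `${V_OPTS:-}`. Users who hit that tend to switch enforcement off on the host, which is worse than either version of the script. If the relabeling has to go, keep a comment above `docker run` recording the manual workaround the removed text described, e.g. `# SELinux hosts: mounted dirs may need "chcon -Rt svirt_sandbox_file_t <dir>", see man docker-run`. The restored `==` inside `[ ]` is a bashism; `=` is the portable spelling. The `if` block continues past the end of the hunk.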
@@ -71,8 +45,8 @@ UserSpecificDocker
 # system. And this also is a significant speedup in subsequent
 # builds because the dependencies are downloaded only once.
 docker run --rm=true -t -i \
- -v "${PWD}:/home/${USER_NAME}/hadoop${V_OPTS:-}" \
+ -v "${PWD}:/home/${USER_NAME}/hadoop" \
 -w "/home/${USER_NAME}/hadoop" \
- -v "${HOME}/.m2:/home/${USER_NAME}/.m2${V_OPTS:-}" \
+ -v "${HOME}/.m2:/home/${USER_NAME}/.m2" \
 -u "${USER_NAME}" \
 "hadoop-build-${USER_ID}"
--------------------------------------------------------------------- To unsubscribe, e-mail: common-commits-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-commits-h...@hadoop.apache.org
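Review bot: The `-v "${HOME}/.m2:/home/${USER_NAME}/.m2"` line mounts the whole Maven directory read-write, which by Maven's layout also holds `settings.xml` and `settings-security.xml` when they exist, so anything run inside the build container can read or change repository credentials stored there. The comment above the command only motivates sharing downloaded dependencies, which mounting `${HOME}/.m2/repository` alone would cover. Whether builds here rely on the host's `settings.xml` is not visible in this hunk, so check that before narrowing the mount. The explanatory comment starts above the hunk.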