[jira] [Commented] (YARN-7286) Add support for docker to have no capabilities

Wed, 11 Oct 2017 06:37:26 -0700 

    [ 
https://issues.apache.org/jira/browse/YARN-7286?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16200276#comment-16200276
 ] 

Eric Badger commented on YARN-7286:
-----------------------------------

bq. The none approach makes best sense to me. The 
DEFAULT_NM_DOCKER_CONTAINER_CAPABILITIES was added because it's unreasonable to 
expect every user to specify capabilities.
Well, yes, but that's at the discretion of the admin. If they want to give the 
user 0 capabilities, then they should be able to. The question is what the best 
way to do that is. If I were to look at yarn-site.xml and see <value></value> 
for the capabilities, I would implicitly think there are no capabilities given, 
since this is an empty list. However, this would actually give the default list 
of capabilities. 

bq. As to lower-case vs upper-case, the upper case is just a recommendation, we 
should go with whatever we think makes sense.
My reasoning behind only using "none" instead of "NONE" was so that it was 
noticeably different. IMO something like "SETUID, SETGID, none" is more 
obviously out of place than "SETUID, SETGID, NONE". But I'm fine if we want to 
add support for upper case as well. 

> Add support for docker to have no capabilities
> ----------------------------------------------
>
>                 Key: YARN-7286
>                 URL: https://issues.apache.org/jira/browse/YARN-7286
>             Project: Hadoop YARN
>          Issue Type: Sub-task
>          Components: yarn
>            Reporter: Eric Badger
>            Assignee: Eric Badger
>         Attachments: YARN-7286.001.patch, YARN-7286.002.patch, 
> YARN-7286.003.patch
>
>
> Support for controlling capabilities was introduced in YARN-4258. However, it 
> does not allow for the capabilities list to be NULL, since {{getStrings()}} 
> will treat an empty value the same as it treats an unset property. So, a NULL 
> list will actually give the default capabilities list.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

---------------------------------------------------------------------
To unsubscribe, e-mail: yarn-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: yarn-issues-h...@hadoop.apache.org

Reply via email to