[jira] [Updated] (YARN-7729) Add support for setting the PID namespace mode

Wed, 10 Jan 2018 11:45:40 -0800 

     [ 
https://issues.apache.org/jira/browse/YARN-7729?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Shane Kumpf updated YARN-7729:
------------------------------
    Description: 
Docker has support for allowing containers to share the PID namespace with the 
host or other containers via the {{docker run --pid}} flag.

There are a number of use cases where this is desirable:
* Monitoring tools running in containers that need access to the host level 
PIDs.
* Debug containers that can attach to another container to run strace, gdb, etc.
* Testing Docker on YARN in a container, where the docker socket is bind 
mounted.

Enabling this feature should be considered privileged as it exposes host 
details inside the container.

  was:
Docker has support for allowing containers to share the PID namespace with the 
host or other containers via the {{docker run --pid}} flag.

There are a number of use cases where this is desirable:
* Monitoring tools running in containers that use process IDs.
* Debug containers that can attach to another container to run strace, gdb, etc.
* Testing Docker on YARN in a container, where the docker socket is bind 
mounted.

Enabling this feature should be considered privileged as it exposes host 
details inside the container.


> Add support for setting the PID namespace mode
> ----------------------------------------------
>
>                 Key: YARN-7729
>                 URL: https://issues.apache.org/jira/browse/YARN-7729
>             Project: Hadoop YARN
>          Issue Type: Sub-task
>          Components: nodemanager
>            Reporter: Shane Kumpf
>
> Docker has support for allowing containers to share the PID namespace with 
> the host or other containers via the {{docker run --pid}} flag.
> There are a number of use cases where this is desirable:
> * Monitoring tools running in containers that need access to the host level 
> PIDs.
> * Debug containers that can attach to another container to run strace, gdb, 
> etc.
> * Testing Docker on YARN in a container, where the docker socket is bind 
> mounted.
> Enabling this feature should be considered privileged as it exposes host 
> details inside the container.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

---------------------------------------------------------------------
To unsubscribe, e-mail: yarn-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: yarn-issues-h...@hadoop.apache.org

Reply via email to