[ 
https://issues.apache.org/jira/browse/YARN-7904?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16778742#comment-16778742
 ] 

Eric Yang commented on YARN-7904:
---------------------------------

There is a problem with patch 4: the entry_point variable isn't initialized in 
get_docker_run_command.  This caused the unit test to fail.  I moved the logic 
to set the entry_point variable into get_docker_run_command in patch 5 for the 
test to pass correctly.

> Privileged, trusted containers need all of their bind-mounted directories to 
> be read-only
> -----------------------------------------------------------------------------------------
>
>                 Key: YARN-7904
>                 URL: https://issues.apache.org/jira/browse/YARN-7904
>             Project: Hadoop YARN
>          Issue Type: Sub-task
>            Reporter: Eric Badger
>            Assignee: Eric Yang
>            Priority: Major
>              Labels: Docker
>         Attachments: YARN-7904.001.patch, YARN-7904.004.patch, 
> YARN-7904.005.patch, YARN-8805.002.patch, YARN-8805.003.patch
>
>
> Since they will be running as some other user than themselves, the NM likely 
> won't be able to clean up after them because of permissions issues. So, to 
> prevent this, we should make these directories read-only.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
