[ 
https://issues.apache.org/jira/browse/YARN-9391?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16796521#comment-16796521
 ] 

Jim Brennan commented on YARN-9391:
-----------------------------------

{quote}
The whitelist needs to behave differently for docker containers and non-docker 
containers.
{quote}

[~ebadger] I'm not sure this is what we want. It already does behave 
differently in that for non-Entry-Point docker, the docker image can override 
whitelist variables.

I think this issue is specific to the entry-point case where whitelist 
variables override those specified in the image.

> Disable PATH variable to be passed to Docker container
> ------------------------------------------------------
>
>                 Key: YARN-9391
>                 URL: https://issues.apache.org/jira/browse/YARN-9391
>             Project: Hadoop YARN
>          Issue Type: Sub-task
>            Reporter: Eric Yang
>            Priority: Major
>
> This is observed when using the Apache NiFi docker image.  It makes the 
> assumption that the PATH variable contains /bin to reference system 
> utilities.  The host YARN environment PATH variable is, by default, leaked 
> into the container by accident and does not contain the /bin path (default 
> configuration).  In general, it seems like the node manager should block the 
> PATH variable from leaking into the container.  Not sure if there is a valid 
> use case where the host PATH variable must leak into the container from the 
> docker point of view.  From the Hadoop point of view, if the container is 
> merely a chroot and the container is a mirror image of the host worker dir, 
> it is good to keep the host PATH variable the same.
> Maybe we want to be more specific and block the PATH variable from leaking 
> into the Docker container, if it is using ENTRYPOINT only?


