[jira] [Commented] (YARN-9391) Disable PATH variable to be passed to Docker container

[Hudson (JIRA)]

    [ 
https://issues.apache.org/jira/browse/YARN-9391?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16801020#comment-16801020
 ] 

Hudson commented on YARN-9391:
------------------------------

SUCCESS: Integrated in Jenkins build Hadoop-trunk-Commit #16277 (See 
[https://builds.apache.org/job/Hadoop-trunk-Commit/16277/])
YARN-9391.  Fixed node manager environment leaks into Docker containers. 
(eyang: rev 3c45762a0bfb403e069a03e30d35dd11432ee8b0)
* (edit) 
hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/ContainerExecutor.java
* (edit) 
hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/test/java/org/apache/hadoop/yarn/server/nodemanager/containermanager/launcher/TestContainerLaunch.java


> Disable PATH variable to be passed to Docker container
> ------------------------------------------------------
>
>                 Key: YARN-9391
>                 URL: https://issues.apache.org/jira/browse/YARN-9391
>             Project: Hadoop YARN
>          Issue Type: Sub-task
>    Affects Versions: 3.2.0, 3.1.1, 3.1.2
>            Reporter: Eric Yang
>            Assignee: Jim Brennan
>            Priority: Major
>             Fix For: 3.3.0, 3.2.1, 3.1.3
>
>         Attachments: YARN-9391.001.patch
>
>
> This is observed from using Apache NiFi docker image.  It makes assumption 
> that PATH variable contains /bin to reference to system utility.  Where host 
> YARN environment PATH variable is default to leaked into container by 
> accident and not containing /bin path (default configuration).  In general, 
> it seems like node manager should block PATH variable from leaking into 
> container.  Not sure if there is a valid use case that host PATH variable 
> must leak into container from docker point of view.  From Hadoop point of 
> view, if container is merely a chroot, and container is a mirror image of 
> host worker dir.  It is good to keep host PATH variable the same.
> Maybe we want to be more specific that block PATH variable to leak into 
> Docker container, if it is using ENTRYPOINT only?



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: yarn-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: yarn-issues-h...@hadoop.apache.org