[ https://issues.apache.org/jira/browse/YARN-4262?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14958691#comment-14958691 ]
Hadoop QA commented on YARN-4262: --------------------------------- \\ \\ | (x) *{color:red}-1 overall{color}* | \\ \\ || Vote || Subsystem || Runtime || Comment || | {color:red}-1{color} | pre-patch | 22m 29s | Pre-patch trunk has 1 extant Findbugs (version 3.0.0) warnings. | | {color:green}+1{color} | @author | 0m 0s | The patch does not contain any @author tags. | | {color:green}+1{color} | tests included | 0m 0s | The patch appears to include 1 new or modified test files. | | {color:green}+1{color} | javac | 9m 31s | There were no new javac warning messages. | | {color:green}+1{color} | javadoc | 12m 22s | There were no new javadoc warning messages. | | {color:red}-1{color} | release audit | 0m 21s | The applied patch generated 1 release audit warnings. | | {color:red}-1{color} | checkstyle | 2m 2s | The applied patch generated 1 new checkstyle issues (total was 211, now 211). | | {color:green}+1{color} | whitespace | 0m 3s | The patch has no lines that end in whitespace. | | {color:green}+1{color} | install | 1m 39s | mvn install still works. | | {color:green}+1{color} | eclipse:eclipse | 0m 38s | The patch built with eclipse:eclipse. | | {color:red}-1{color} | findbugs | 3m 51s | Post-patch findbugs hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager compilation is broken. | | {color:green}+1{color} | findbugs | 3m 51s | The patch does not introduce any new Findbugs (version ) warnings. | | {color:red}-1{color} | yarn tests | 0m 17s | Tests failed in hadoop-yarn-api. | | {color:green}+1{color} | yarn tests | 2m 12s | Tests passed in hadoop-yarn-common. | | {color:red}-1{color} | yarn tests | 0m 17s | Tests failed in hadoop-yarn-server-nodemanager. | | | | 56m 30s | | \\ \\ || Reason || Tests || | Failed build | hadoop-yarn-api | | | hadoop-yarn-server-nodemanager | \\ \\ || Subsystem || Report/Notes || | Patch URL | http://issues.apache.org/jira/secure/attachment/12766747/YARN-4262.002.patch | | Optional Tests | javadoc javac unit findbugs checkstyle | | git revision | trunk / 63020c5 | | Pre-patch Findbugs warnings | https://builds.apache.org/job/PreCommit-YARN-Build/9450/artifact/patchprocess/trunkFindbugsWarningshadoop-yarn-server-nodemanager.html | | Release Audit | https://builds.apache.org/job/PreCommit-YARN-Build/9450/artifact/patchprocess/patchReleaseAuditProblems.txt | | checkstyle | https://builds.apache.org/job/PreCommit-YARN-Build/9450/artifact/patchprocess/diffcheckstylehadoop-yarn-api.txt | | hadoop-yarn-api test log | https://builds.apache.org/job/PreCommit-YARN-Build/9450/artifact/patchprocess/testrun_hadoop-yarn-api.txt | | hadoop-yarn-common test log | https://builds.apache.org/job/PreCommit-YARN-Build/9450/artifact/patchprocess/testrun_hadoop-yarn-common.txt | | hadoop-yarn-server-nodemanager test log | https://builds.apache.org/job/PreCommit-YARN-Build/9450/artifact/patchprocess/testrun_hadoop-yarn-server-nodemanager.txt | | Test Results | https://builds.apache.org/job/PreCommit-YARN-Build/9450/testReport/ | | Java | 1.7.0_55 | | uname | Linux asf901.gq1.ygridcore.net 3.13.0-36-lowlatency #63-Ubuntu SMP PREEMPT Wed Sep 3 21:56:12 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux | | Console output | https://builds.apache.org/job/PreCommit-YARN-Build/9450/console | This message was automatically generated. > Allow whitelisted users to run privileged docker containers. > ------------------------------------------------------------- > > Key: YARN-4262 > URL: https://issues.apache.org/jira/browse/YARN-4262 > Project: Hadoop YARN > Issue Type: Sub-task > Components: yarn > Reporter: Sidharta Seethana > Assignee: Sidharta Seethana > Attachments: YARN-4262.001.patch, YARN-4262.002.patch > > > (Updated based on discussion in the JIRA) > There are scenarios where privileged containers are necessary in order to run > certain kinds of applications (one example is trying to run postresql/oracle > inside containers). However, given the security implications, we should > ensure that : > 1) privileged containers are disabled by default > 2) if enabled, only a whitelisted set of users should be allowed to launch > such containers and > 3) Not all containers launched by whitelisted users need to be privileged > containers : whitelisted users need to explicitly request that a privileged > container be launched. -- This message was sent by Atlassian JIRA (v6.3.4#6332)