[
https://issues.apache.org/jira/browse/YARN-4262?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14958691#comment-14958691
]
Hadoop QA commented on YARN-4262:
---------------------------------
\\
\\
| (x) *{color:red}-1 overall{color}* |
\\
\\
|| Vote || Subsystem || Runtime || Comment ||
| {color:red}-1{color} | pre-patch | 22m 29s | Pre-patch trunk has 1 extant
Findbugs (version 3.0.0) warnings. |
| {color:green}+1{color} | @author | 0m 0s | The patch does not contain any
@author tags. |
| {color:green}+1{color} | tests included | 0m 0s | The patch appears to
include 1 new or modified test files. |
| {color:green}+1{color} | javac | 9m 31s | There were no new javac warning
messages. |
| {color:green}+1{color} | javadoc | 12m 22s | There were no new javadoc
warning messages. |
| {color:red}-1{color} | release audit | 0m 21s | The applied patch generated
1 release audit warnings. |
| {color:red}-1{color} | checkstyle | 2m 2s | The applied patch generated 1
new checkstyle issues (total was 211, now 211). |
| {color:green}+1{color} | whitespace | 0m 3s | The patch has no lines that
end in whitespace. |
| {color:green}+1{color} | install | 1m 39s | mvn install still works. |
| {color:green}+1{color} | eclipse:eclipse | 0m 38s | The patch built with
eclipse:eclipse. |
| {color:red}-1{color} | findbugs | 3m 51s | Post-patch findbugs
hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager
compilation is broken. |
| {color:green}+1{color} | findbugs | 3m 51s | The patch does not introduce
any new Findbugs (version ) warnings. |
| {color:red}-1{color} | yarn tests | 0m 17s | Tests failed in
hadoop-yarn-api. |
| {color:green}+1{color} | yarn tests | 2m 12s | Tests passed in
hadoop-yarn-common. |
| {color:red}-1{color} | yarn tests | 0m 17s | Tests failed in
hadoop-yarn-server-nodemanager. |
| | | 56m 30s | |
\\
\\
|| Reason || Tests ||
| Failed build | hadoop-yarn-api |
| | hadoop-yarn-server-nodemanager |
\\
\\
|| Subsystem || Report/Notes ||
| Patch URL |
http://issues.apache.org/jira/secure/attachment/12766747/YARN-4262.002.patch |
| Optional Tests | javadoc javac unit findbugs checkstyle |
| git revision | trunk / 63020c5 |
| Pre-patch Findbugs warnings |
https://builds.apache.org/job/PreCommit-YARN-Build/9450/artifact/patchprocess/trunkFindbugsWarningshadoop-yarn-server-nodemanager.html
|
| Release Audit |
https://builds.apache.org/job/PreCommit-YARN-Build/9450/artifact/patchprocess/patchReleaseAuditProblems.txt
|
| checkstyle |
https://builds.apache.org/job/PreCommit-YARN-Build/9450/artifact/patchprocess/diffcheckstylehadoop-yarn-api.txt
|
| hadoop-yarn-api test log |
https://builds.apache.org/job/PreCommit-YARN-Build/9450/artifact/patchprocess/testrun_hadoop-yarn-api.txt
|
| hadoop-yarn-common test log |
https://builds.apache.org/job/PreCommit-YARN-Build/9450/artifact/patchprocess/testrun_hadoop-yarn-common.txt
|
| hadoop-yarn-server-nodemanager test log |
https://builds.apache.org/job/PreCommit-YARN-Build/9450/artifact/patchprocess/testrun_hadoop-yarn-server-nodemanager.txt
|
| Test Results |
https://builds.apache.org/job/PreCommit-YARN-Build/9450/testReport/ |
| Java | 1.7.0_55 |
| uname | Linux asf901.gq1.ygridcore.net 3.13.0-36-lowlatency #63-Ubuntu SMP
PREEMPT Wed Sep 3 21:56:12 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux |
| Console output |
https://builds.apache.org/job/PreCommit-YARN-Build/9450/console |
This message was automatically generated.
> Allow whitelisted users to run privileged docker containers.
> -------------------------------------------------------------
>
> Key: YARN-4262
> URL: https://issues.apache.org/jira/browse/YARN-4262
> Project: Hadoop YARN
> Issue Type: Sub-task
> Components: yarn
> Reporter: Sidharta Seethana
> Assignee: Sidharta Seethana
> Attachments: YARN-4262.001.patch, YARN-4262.002.patch
>
>
> (Updated based on discussion in the JIRA)
> There are scenarios where privileged containers are necessary in order to run
> certain kinds of applications (one example is trying to run postresql/oracle
> inside containers). However, given the security implications, we should
> ensure that :
> 1) privileged containers are disabled by default
> 2) if enabled, only a whitelisted set of users should be allowed to launch
> such containers and
> 3) Not all containers launched by whitelisted users need to be privileged
> containers : whitelisted users need to explicitly request that a privileged
> container be launched.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
