@InterfaceAudience.Private @InterfaceStability.Unstable public class JavaSandboxLinuxContainerRuntime extends DefaultLinuxContainerRuntime
This class extends the DefaultLinuxContainerRuntime specifically for containers which run Java commands. It generates a new java security policy file per container and modifies the java command to enable the Java Security Manager with the generated policy.

JavaSandboxLinuxContainerRuntime can be modified using the following settings:

- LinuxContainerRuntime is disabled
- ContainerExecutionException will be thrown.
- read for read-only.
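The mechanism described above (a policy file generated per container, plus Security Manager flags added to the java command), sketched as an added example. It is not Hadoop's implementation; the class, method, container id and path names are hypothetical, and the sample directory is constructed.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
// Added illustration, not Hadoop's code; all class, method and path names are hypothetical.
public class SandboxPolicyDemo {
  // Per-container policy: grant `actions` on each directory tree and nothing else.
  static Path writePolicy(Path policyDir, String id, List<Path> dirs, String actions)
      throws IOException {
    StringBuilder sb = new StringBuilder("grant {\n");
    for (Path d : dirs) {
      String p = d.toAbsolutePath().toString();
      // Quotes, backslashes, "${...}" and newlines would change how the policy parses.
      if (p.matches("(?s).*[\"\\\\$\\n].*")) throw new IOException("unsafe path: " + p);
      // "<dir>" is the directory itself; "<dir>/-" is everything below it, recursively.
      for (String target : Arrays.asList(p, p + "/-")) {
        sb.append("  permission java.io.FilePermission \"").append(target)
          .append("\", \"").append(actions).append("\";\n");
      }
    }
    Files.createDirectories(policyDir);
    return Files.write(policyDir.resolve(id + ".policy"),
        sb.append("};\n").toString().getBytes(StandardCharsets.UTF_8));
  }

  // Put the Security Manager flags directly after the java executable.
  static List<String> sandboxCommand(List<String> cmd, Path policy) {
    if (cmd.isEmpty() || !cmd.get(0).endsWith("java"))
      throw new IllegalArgumentException("not a java command");
    List<String> out = new ArrayList<>(cmd);
    // Drop caller-supplied copies of these flags (anywhere in the command, for brevity).
    out.removeIf(a -> a.startsWith("-Djava.security.manager")
        || a.startsWith("-Djava.security.policy"));
    out.add(1, "-Djava.security.manager");
    // "==" makes this the only policy in force; "=" would add it to the JVM's default policies.
    out.add(2, "-Djava.security.policy==" + policy.toAbsolutePath());
    return out;
  }

  public static void main(String[] args) throws IOException {
    Path work = Files.createTempDirectory("container_demo"); // constructed sample directory
    Path policy = writePolicy(work.resolve("policy"), "container_0001", Arrays.asList(work), "read");
    System.out.println(String.join(" ", sandboxCommand(
        Arrays.asList("/usr/bin/java", "-Xmx256m", "com.example.Task"), policy)));
  }
}
```

The Java Security Manager is deprecated for removal since JDK 17 (JEP 411), so this kind of sandbox depends on the JVM version the containers run.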
Modifier and Type | Class and Description |
---|---|
static class | JavaSandboxLinuxContainerRuntime.SandboxMode: Enumeration of the modes the JavaSandboxLinuxContainerRuntime can use. |

Modifier and Type | Field and Description |
---|---|
static String | POLICY_FILE_DIR |

Constructor and Description |
---|
JavaSandboxLinuxContainerRuntime(PrivilegedOperationExecutor privilegedOperationExecutor): Create an instance using the given PrivilegedOperationExecutor instance for performing operations. |

Modifier and Type | Method and Description |
---|---|
void | initialize(org.apache.hadoop.conf.Configuration conf, Context nmContext): Initialize the runtime. |
boolean | isRuntimeRequested(Map<String,String> env): Determine if JVMSandboxLinuxContainerRuntime should be used. |
void | launchContainer(ContainerRuntimeContext ctx): Launch a container. |
void | prepareContainer(ContainerRuntimeContext ctx): Before the environment is written locally, a policy file must be generated which limits container access to a small set of directories. |
void | relaunchContainer(ContainerRuntimeContext ctx): Relaunch a container. |

execContainer, getExposedPorts, getIpAndHost, reapContainer, signalContainer
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
getLocalResources, start, stop
public static final String POLICY_FILE_DIR

public JavaSandboxLinuxContainerRuntime(PrivilegedOperationExecutor privilegedOperationExecutor)
Create an instance using the given PrivilegedOperationExecutor instance for performing operations.
privilegedOperationExecutor - the PrivilegedOperationExecutor instance

public void initialize(org.apache.hadoop.conf.Configuration conf, Context nmContext) throws ContainerExecutionException
LinuxContainerRuntime
initialize in interface LinuxContainerRuntime
initialize in class DefaultLinuxContainerRuntime
conf - the Configuration to use
nmContext - NMContext
ContainerExecutionException - if an error occurs while initializing the runtime

public void prepareContainer(ContainerRuntimeContext ctx) throws ContainerExecutionException
-Djava.security.manager.
prepareContainer in interface ContainerRuntime
prepareContainer in class DefaultLinuxContainerRuntime
ctx - The ContainerRuntimeContext containing container setup properties.
ContainerExecutionException - Exception thrown if temporary policy file directory can't be created, or if any exceptions occur during policy file parsing and generation.

public void launchContainer(ContainerRuntimeContext ctx) throws ContainerExecutionException
ContainerRuntime
launchContainer in interface ContainerRuntime
launchContainer in class DefaultLinuxContainerRuntime
ctx - the ContainerRuntimeContext
ContainerExecutionException - if an error occurs while launching the container

public void relaunchContainer(ContainerRuntimeContext ctx) throws ContainerExecutionException
ContainerRuntime
relaunchContainer in interface ContainerRuntime
relaunchContainer in class DefaultLinuxContainerRuntime
ctx - the ContainerRuntimeContext
ContainerExecutionException - if an error occurs while relaunching the container

public boolean isRuntimeRequested(Map<String,String> env)
isRuntimeRequested in interface LinuxContainerRuntime
isRuntimeRequested in class DefaultLinuxContainerRuntime
env - the environment variable settings for the operation

Copyright © 2008–2023 Apache Software Foundation. All rights reserved.