@InterfaceAudience.Private @InterfaceStability.Unstable public class JavaSandboxLinuxContainerRuntime extends DefaultLinuxContainerRuntime
This class extends the DefaultLinuxContainerRuntime specifically
for containers which run Java commands. It generates a new Java security
policy file per container and modifies the java command to enable the
Java Security Manager with the generated policy.
JavaSandboxLinuxContainerRuntime can be modified
using the following settings:
LinuxContainerRuntime is disabled
ContainerExecutionException will be thrown.
read for read-only.
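
The mechanism outlined in the class description (a per-container policy file plus a java command rewritten to enable the Security Manager), as an added example that is not Hadoop's implementation. The class name SandboxSketch, its methods, the sample paths and the choice to strip caller-supplied policy flags are assumptions made for illustration.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.ArrayList;
import java.util.List;

// Illustrative sketch with hypothetical names; not the Hadoop implementation.
// Note: the Security Manager is deprecated for removal since Java 17 (JEP 411).
public class SandboxSketch {
  /** Policy text granting file access only below the given directories. */
  static String buildPolicy(List<Path> allowedDirs, String actions) {
    StringBuilder sb = new StringBuilder("grant {\n");
    for (Path dir : allowedDirs) {
      // A trailing "/-" covers all files and subdirectories, recursively.
      sb.append("  permission java.io.FilePermission \"")
        .append(dir.toAbsolutePath()).append("/-\", \"")
        .append(actions).append("\";\n");
    }
    return sb.append("};\n").toString();
  }

  /** Returns the java command with the Security Manager flags enforced. */
  static List<String> sandboxCommand(List<String> cmd, Path policyFile) {
    if (cmd.isEmpty() || !cmd.get(0).endsWith("java")) {
      throw new IllegalArgumentException("not a java command");
    }
    List<String> out = new ArrayList<>(List.of(cmd.get(0), "-Djava.security.manager",
        // "==" makes this file the only policy; "=" would add it to the defaults.
        "-Djava.security.policy==" + policyFile.toAbsolutePath()));
    for (String arg : cmd.subList(1, cmd.size())) {
      // Simplification: drop caller-supplied manager/policy flags so none override ours.
      if (!arg.matches("-Djava\\.security\\.(manager|policy)\\b.*")) {
        out.add(arg);
      }
    }
    return out;
  }

  public static void main(String[] args) throws IOException {
    // Constructed sample values for the demonstration.
    Path policyFile = Files.createTempDirectory("policy-sketch")
        .resolve("container_0001.policy");
    Files.writeString(policyFile,
        buildPolicy(List.of(Path.of("/tmp/appcache/container_0001")), "read"));
    List<String> cmd = List.of("/usr/bin/java", "-Xmx256m",
        "-Djava.security.policy=/tmp/user.policy", "org.example.Task");
    System.out.print(Files.readString(policyFile));
    System.out.println(String.join(" ", sandboxCommand(cmd, policyFile)));
  }
}
```
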
| Modifier and Type | Class and Description |
|---|---|
| static class | JavaSandboxLinuxContainerRuntime.SandboxMode<br>Enumeration of the modes the JavaSandboxLinuxContainerRuntime can use. |

| Modifier and Type | Field and Description |
|---|---|
| static String | POLICY_FILE_DIR |

| Constructor and Description |
|---|
| JavaSandboxLinuxContainerRuntime(PrivilegedOperationExecutor privilegedOperationExecutor)<br>Create an instance using the given PrivilegedOperationExecutor instance for performing operations. |

| Modifier and Type | Method and Description |
|---|---|
| void | initialize(org.apache.hadoop.conf.Configuration conf, Context nmContext)<br>Initialize the runtime. |
| boolean | isRuntimeRequested(Map<String,String> env)<br>Determine if JavaSandboxLinuxContainerRuntime should be used. |
| void | launchContainer(ContainerRuntimeContext ctx)<br>Launch a container. |
| void | prepareContainer(ContainerRuntimeContext ctx)<br>Before the environment is written locally, generate a policy file which limits container access to a small set of directories. |
| void | relaunchContainer(ContainerRuntimeContext ctx)<br>Relaunch a container. |
execContainer, getExposedPorts, getIpAndHost, reapContainer, signalContainer

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

getLocalResources, start, stop

public static final String POLICY_FILE_DIR

public JavaSandboxLinuxContainerRuntime(PrivilegedOperationExecutor privilegedOperationExecutor)
Create an instance using the given PrivilegedOperationExecutor instance for performing operations.
Parameters:
privilegedOperationExecutor - the PrivilegedOperationExecutor instance

public void initialize(org.apache.hadoop.conf.Configuration conf, Context nmContext) throws ContainerExecutionException
Description copied from interface: LinuxContainerRuntime
Initialize the runtime.
Specified by: initialize in interface LinuxContainerRuntime
Overrides: initialize in class DefaultLinuxContainerRuntime
Parameters:
conf - the Configuration to use
nmContext - NMContext
Throws:
ContainerExecutionException - if an error occurs while initializing the runtime

public void prepareContainer(ContainerRuntimeContext ctx) throws ContainerExecutionException
-Djava.security.manager.
Specified by: prepareContainer in interface ContainerRuntime
Overrides: prepareContainer in class DefaultLinuxContainerRuntime
Parameters:
ctx - The ContainerRuntimeContext containing container setup properties.
Throws:
ContainerExecutionException - Exception thrown if temporary policy file directory can't be created, or if any exceptions occur during policy file parsing and generation.

public void launchContainer(ContainerRuntimeContext ctx) throws ContainerExecutionException
Description copied from interface: ContainerRuntime
Launch a container.
Specified by: launchContainer in interface ContainerRuntime
Overrides: launchContainer in class DefaultLinuxContainerRuntime
Parameters:
ctx - the ContainerRuntimeContext
Throws:
ContainerExecutionException - if an error occurs while launching the container

public void relaunchContainer(ContainerRuntimeContext ctx) throws ContainerExecutionException
Description copied from interface: ContainerRuntime
Relaunch a container.
Specified by: relaunchContainer in interface ContainerRuntime
Overrides: relaunchContainer in class DefaultLinuxContainerRuntime
Parameters:
ctx - the ContainerRuntimeContext
Throws:
ContainerExecutionException - if an error occurs while relaunching the container

public boolean isRuntimeRequested(Map<String,String> env)
Specified by: isRuntimeRequested in interface LinuxContainerRuntime
Overrides: isRuntimeRequested in class DefaultLinuxContainerRuntime
Parameters:
env - the environment variable settings for the operation

Copyright © 2008–2024 Apache Software Foundation. All rights reserved.