@InterfaceAudience.Private @InterfaceStability.Unstable public class JavaSandboxLinuxContainerRuntime extends DefaultLinuxContainerRuntime

This class extends the DefaultLinuxContainerRuntime specifically for containers which run Java commands. It generates a new java security policy file per container and modifies the java command to enable the Java Security Manager with the generated policy.

JavaSandboxLinuxContainerRuntime can be modified using the following settings:

LinuxContainerRuntime is disabled
ContainerExecutionException will be thrown.
read for read-only.
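
The class description above names two steps: writing a per-container policy file and rewriting the java command to enable the Security Manager with it. The following is an added illustration of that general technique, not Hadoop's own code; the class `SandboxSketch`, its method names, and the sample paths are hypothetical, and `-Djava.security.policy` is the standard JVM property for naming a policy file.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.ArrayList;
import java.util.List;

// Illustration only: hypothetical names, not the Hadoop implementation.
public class SandboxSketch {

  // Build policy text granting read/write below each allowed directory only.
  static String buildPolicy(List<String> allowedDirs) {
    StringBuilder sb = new StringBuilder("grant {\n");
    for (String dir : allowedDirs) {
      if (dir.contains("\"") || dir.contains("\\")) {
        throw new IllegalArgumentException("unsafe character in path: " + dir);
      }
      // "dir/-" matches every file under dir, recursively.
      sb.append("  permission java.io.FilePermission \"")
        .append(dir).append("/-\", \"read,write\";\n");
    }
    return sb.append("};\n").toString();
  }

  // Insert the Security Manager flags right after each java launcher token.
  static List<String> sandboxCommand(List<String> cmd, Path policyFile) {
    List<String> out = new ArrayList<>();
    for (String arg : cmd) {
      out.add(arg);
      if (arg.equals("java") || arg.endsWith("/java")) {
        out.add("-Djava.security.manager");
        // "==" makes this file the only policy, ignoring the JVM's defaults.
        out.add("-Djava.security.policy==" + policyFile);
      }
    }
    return out;
  }

  public static void main(String[] args) throws IOException {
    // Constructed sample input: one container directory and a launch command.
    List<String> dirs = List.of("/tmp/nm-local/container_01");
    Path policy = Files.createTempFile("container_01-", ".policy");
    Files.write(policy, buildPolicy(dirs).getBytes(StandardCharsets.UTF_8));
    List<String> cmd = List.of("/usr/bin/java", "-Xmx256m", "com.example.Task");
    System.out.println(String.join(" ", sandboxCommand(cmd, policy)));
  }
}
```

The Security Manager is deprecated for removal since Java 17 (JEP 411), so this approach applies only to JVMs that still support it.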
| Modifier and Type | Class and Description |
|---|---|
| static class | JavaSandboxLinuxContainerRuntime.SandboxMode: Enumeration of the modes the JavaSandboxLinuxContainerRuntime can use. |

| Modifier and Type | Field and Description |
|---|---|
| static String | POLICY_FILE_DIR |

| Constructor and Description |
|---|
| JavaSandboxLinuxContainerRuntime(PrivilegedOperationExecutor privilegedOperationExecutor): Create an instance using the given PrivilegedOperationExecutor instance for performing operations. |

| Modifier and Type | Method and Description |
|---|---|
| void | initialize(org.apache.hadoop.conf.Configuration conf, Context nmContext): Initialize the runtime. |
| boolean | isRuntimeRequested(Map<String,String> env): Determine if JVMSandboxLinuxContainerRuntime should be used. |
| void | launchContainer(ContainerRuntimeContext ctx): Launch a container. |
| void | prepareContainer(ContainerRuntimeContext ctx): Before the environment is written locally, generate a policy file which limits container access to a small set of directories. |
| void | relaunchContainer(ContainerRuntimeContext ctx): Relaunch a container. |

Methods inherited from class DefaultLinuxContainerRuntime: execContainer, getExposedPorts, getIpAndHost, reapContainer, signalContainer

Methods inherited from class java.lang.Object: clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from implemented interfaces: getLocalResources, start, stop

public static final String POLICY_FILE_DIR

public JavaSandboxLinuxContainerRuntime(PrivilegedOperationExecutor privilegedOperationExecutor)

Create an instance using the given PrivilegedOperationExecutor instance for performing operations.

Parameters: privilegedOperationExecutor - the PrivilegedOperationExecutor instance

public void initialize(org.apache.hadoop.conf.Configuration conf, Context nmContext) throws ContainerExecutionException

Description copied from interface: LinuxContainerRuntime

Initialize the runtime.

Specified by: initialize in interface LinuxContainerRuntime
Overrides: initialize in class DefaultLinuxContainerRuntime
Parameters: conf - the Configuration to use; nmContext - NMContext
Throws: ContainerExecutionException - if an error occurs while initializing the runtime

public void prepareContainer(ContainerRuntimeContext ctx) throws ContainerExecutionException

-Djava.security.manager.

Specified by: prepareContainer in interface ContainerRuntime
Overrides: prepareContainer in class DefaultLinuxContainerRuntime
Parameters: ctx - The ContainerRuntimeContext containing container setup properties.
Throws: ContainerExecutionException - Exception thrown if temporary policy file directory can't be created, or if any exceptions occur during policy file parsing and generation.

public void launchContainer(ContainerRuntimeContext ctx) throws ContainerExecutionException

Description copied from interface: ContainerRuntime

Launch a container.

Specified by: launchContainer in interface ContainerRuntime
Overrides: launchContainer in class DefaultLinuxContainerRuntime
Parameters: ctx - the ContainerRuntimeContext
Throws: ContainerExecutionException - if an error occurs while launching the container

public void relaunchContainer(ContainerRuntimeContext ctx) throws ContainerExecutionException

Description copied from interface: ContainerRuntime

Relaunch a container.

Specified by: relaunchContainer in interface ContainerRuntime
Overrides: relaunchContainer in class DefaultLinuxContainerRuntime
Parameters: ctx - the ContainerRuntimeContext
Throws: ContainerExecutionException - if an error occurs while relaunching the container

public boolean isRuntimeRequested(Map<String,String> env)

Specified by: isRuntimeRequested in interface LinuxContainerRuntime
Overrides: isRuntimeRequested in class DefaultLinuxContainerRuntime
Parameters: env - the environment variable settings for the operation

Copyright © 2008–2023 Apache Software Foundation. All rights reserved.