Google Git
Sign in
apache / hadoop-site / 952d547359cafef280f0a0324055741b2ed55be1 / . / content / docs / r3.3.1 / hadoop-yarn / hadoop-yarn-server / hadoop-yarn-server-nodemanager / apidocs / org / apache / hadoop / yarn / server / nodemanager / containermanager / linux / runtime / JavaSandboxLinuxContainerRuntime.html
blob: e27a2629b4f05a682659da93d287f0eb4dacfd9f [file] [log] [blame]
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!-- NewPage -->
<html lang="en">
<head>
<!-- Generated by javadoc (1.8.0_292) on Tue Jun 15 06:11:21 GMT 2021 -->
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>JavaSandboxLinuxContainerRuntime (Apache Hadoop YARN NodeManager 3.3.1 API)</title>
<meta name="date" content="2021-06-15">
<link rel="stylesheet" type="text/css" href="../../../../../../../../../stylesheet.css" title="Style">
<script type="text/javascript" src="../../../../../../../../../script.js"></script>
</head>
<body>
<script type="text/javascript"><!--
try {
if (location.href.indexOf('is-external=true') == -1) {
parent.document.title="JavaSandboxLinuxContainerRuntime (Apache Hadoop YARN NodeManager 3.3.1 API)";
}
}
catch(err) {
}
//-->
var methods = {"i0":10,"i1":10,"i2":10,"i3":10,"i4":10};
var tabs = {65535:["t0","All Methods"],2:["t2","Instance Methods"],8:["t4","Concrete Methods"]};
var altColor = "altColor";
var rowColor = "rowColor";
var tableTab = "tableTab";
var activeTableTab = "activeTableTab";
</script>
<noscript>
<div>JavaScript is disabled on your browser.</div>
</noscript>
<!-- ========= START OF TOP NAVBAR ======= -->
<div class="topNav"><a name="navbar.top">
<!-- -->
</a>
<div class="skipNav"><a href="#skip.navbar.top" title="Skip navigation links">Skip navigation links</a></div>
<a name="navbar.top.firstrow">
<!-- -->
</a>
<ul class="navList" title="Navigation">
<li><a href="../../../../../../../../../overview-summary.html">Overview</a></li>
<li><a href="package-summary.html">Package</a></li>
<li class="navBarCell1Rev">Class</li>
<li><a href="class-use/JavaSandboxLinuxContainerRuntime.html">Use</a></li>
<li><a href="package-tree.html">Tree</a></li>
<li><a href="../../../../../../../../../deprecated-list.html">Deprecated</a></li>
<li><a href="../../../../../../../../../index-all.html">Index</a></li>
<li><a href="../../../../../../../../../help-doc.html">Help</a></li>
</ul>
</div>
<div class="subNav">
<ul class="navList">
<li><a href="../../../../../../../../../org/apache/hadoop/yarn/server/nodemanager/containermanager/linux/runtime/DockerLinuxContainerRuntime.html" title="class in org.apache.hadoop.yarn.server.nodemanager.containermanager.linux.runtime"><span class="typeNameLink">Prev&nbsp;Class</span></a></li>
<li><a href="../../../../../../../../../org/apache/hadoop/yarn/server/nodemanager/containermanager/linux/runtime/JavaSandboxLinuxContainerRuntime.SandboxMode.html" title="enum in org.apache.hadoop.yarn.server.nodemanager.containermanager.linux.runtime"><span class="typeNameLink">Next&nbsp;Class</span></a></li>
</ul>
<ul class="navList">
<li><a href="../../../../../../../../../index.html?org/apache/hadoop/yarn/server/nodemanager/containermanager/linux/runtime/JavaSandboxLinuxContainerRuntime.html" target="_top">Frames</a></li>
<li><a href="JavaSandboxLinuxContainerRuntime.html" target="_top">No&nbsp;Frames</a></li>
</ul>
<ul class="navList" id="allclasses_navbar_top">
<li><a href="../../../../../../../../../allclasses-noframe.html">All&nbsp;Classes</a></li>
</ul>
<div>
<script type="text/javascript"><!--
allClassesLink = document.getElementById("allclasses_navbar_top");
if(window==top) {
allClassesLink.style.display = "block";
}
else {
allClassesLink.style.display = "none";
}
//-->
</script>
</div>
<div>
<ul class="subNavList">
<li>Summary:&nbsp;</li>
<li><a href="#nested.class.summary">Nested</a>&nbsp;|&nbsp;</li>
<li><a href="#field.summary">Field</a>&nbsp;|&nbsp;</li>
<li><a href="#constructor.summary">Constr</a>&nbsp;|&nbsp;</li>
<li><a href="#method.summary">Method</a></li>
</ul>
<ul class="subNavList">
<li>Detail:&nbsp;</li>
<li><a href="#field.detail">Field</a>&nbsp;|&nbsp;</li>
<li><a href="#constructor.detail">Constr</a>&nbsp;|&nbsp;</li>
<li><a href="#method.detail">Method</a></li>
</ul>
</div>
<a name="skip.navbar.top">
<!-- -->
</a></div>
<!-- ========= END OF TOP NAVBAR ========= -->
<!-- ======== START OF CLASS DATA ======== -->
<div class="header">
<div class="subTitle">org.apache.hadoop.yarn.server.nodemanager.containermanager.linux.runtime</div>
<h2 title="Class JavaSandboxLinuxContainerRuntime" class="title">Class JavaSandboxLinuxContainerRuntime</h2>
</div>
<div class="contentContainer">
<ul class="inheritance">
<li><a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true" title="class or interface in java.lang">java.lang.Object</a></li>
<li>
<ul class="inheritance">
<li><a href="../../../../../../../../../org/apache/hadoop/yarn/server/nodemanager/containermanager/linux/runtime/DefaultLinuxContainerRuntime.html" title="class in org.apache.hadoop.yarn.server.nodemanager.containermanager.linux.runtime">org.apache.hadoop.yarn.server.nodemanager.containermanager.linux.runtime.DefaultLinuxContainerRuntime</a></li>
<li>
<ul class="inheritance">
<li>org.apache.hadoop.yarn.server.nodemanager.containermanager.linux.runtime.JavaSandboxLinuxContainerRuntime</li>
</ul>
</li>
</ul>
</li>
</ul>
<div class="description">
<ul class="blockList">
<li class="blockList">
<dl>
<dt>All Implemented Interfaces:</dt>
<dd><a href="../../../../../../../../../org/apache/hadoop/yarn/server/nodemanager/containermanager/linux/runtime/LinuxContainerRuntime.html" title="interface in org.apache.hadoop.yarn.server.nodemanager.containermanager.linux.runtime">LinuxContainerRuntime</a>, <a href="../../../../../../../../../org/apache/hadoop/yarn/server/nodemanager/containermanager/runtime/ContainerRuntime.html" title="interface in org.apache.hadoop.yarn.server.nodemanager.containermanager.runtime">ContainerRuntime</a></dd>
</dl>
<hr>
<br>
<pre>@InterfaceAudience.Private
@InterfaceStability.Unstable
public class <span class="typeNameLabel">JavaSandboxLinuxContainerRuntime</span>
extends <a href="../../../../../../../../../org/apache/hadoop/yarn/server/nodemanager/containermanager/linux/runtime/DefaultLinuxContainerRuntime.html" title="class in org.apache.hadoop.yarn.server.nodemanager.containermanager.linux.runtime">DefaultLinuxContainerRuntime</a></pre>
<div class="block"><p>This class extends the <a href="../../../../../../../../../org/apache/hadoop/yarn/server/nodemanager/containermanager/linux/runtime/DefaultLinuxContainerRuntime.html" title="class in org.apache.hadoop.yarn.server.nodemanager.containermanager.linux.runtime"><code>DefaultLinuxContainerRuntime</code></a> specifically
for containers which run Java commands. It generates a new java security
policy file per container and modifies the java command to enable the
Java Security Manager with the generated policy.</p>
The behavior of the <a href="../../../../../../../../../org/apache/hadoop/yarn/server/nodemanager/containermanager/linux/runtime/JavaSandboxLinuxContainerRuntime.html" title="class in org.apache.hadoop.yarn.server.nodemanager.containermanager.linux.runtime"><code>JavaSandboxLinuxContainerRuntime</code></a> can be modified
using the following settings:
<ul>
<li>
"yarn.nodemanager.runtime.linux.sandbox-mode" :
This yarn-site.xml setting has three options:
<ul>
<li>disabled - Default behavior. <a href="../../../../../../../../../org/apache/hadoop/yarn/server/nodemanager/containermanager/linux/runtime/LinuxContainerRuntime.html" title="interface in org.apache.hadoop.yarn.server.nodemanager.containermanager.linux.runtime"><code>LinuxContainerRuntime</code></a>
is disabled</li>
<li>permissive - JVM containers will run with Java Security Manager
enabled. Non-JVM containers will run normally</li>
<li>enforcing - JVM containers will run with Java Security Manager
enabled. Non-JVM containers will be prevented from executing and an
<a href="../../../../../../../../../org/apache/hadoop/yarn/server/nodemanager/containermanager/runtime/ContainerExecutionException.html" title="class in org.apache.hadoop.yarn.server.nodemanager.containermanager.runtime"><code>ContainerExecutionException</code></a> will be thrown.</li>
</ul>
</li>
<li>
"yarn.nodemanager.runtime.linux.sandbox-mode.local-dirs.permissions"
:
Determines the file permissions for the application directories. The
permissions come in the form of comma separated values
(e.g. read,write,execute,delete). Defaults to <code>read</code> for read-only.
</li>
<li>
"yarn.nodemanager.runtime.linux.sandbox-mode.policy"
:
Accepts canonical path to a java policy file on the local filesystem.
This file will be loaded as the base policy, any additional container
grants will be appended to this base file. If not specified, the default
java.policy file provided with hadoop resources will be used.
</li>
<li>
"yarn.nodemanager.runtime.linux.sandbox-mode.whitelist-group"
:
Optional setting to specify a YARN queue which will be exempt from the
sand-boxing process.
</li>
<li>
"yarn.nodemanager.runtime.linux.sandbox-mode.policy.group."$groupName
:
Optional setting to map groups to java policy files. The value is a path
to the java policy file for $groupName. A user which is a member of
multiple groups with different policies will receive the superset of all
the permissions across their groups.
</li>
</ul></div>
</li>
</ul>
</div>
<div class="summary">
<ul class="blockList">
<li class="blockList">
<!-- ======== NESTED CLASS SUMMARY ======== -->
<ul class="blockList">
<li class="blockList"><a name="nested.class.summary">
<!-- -->
</a>
<h3>Nested Class Summary</h3>
<table class="memberSummary" border="0" cellpadding="3" cellspacing="0" summary="Nested Class Summary table, listing nested classes, and an explanation">
<caption><span>Nested Classes</span><span class="tabEnd">&nbsp;</span></caption>
<tr>
<th class="colFirst" scope="col">Modifier and Type</th>
<th class="colLast" scope="col">Class and Description</th>
</tr>
<tr class="altColor">
<td class="colFirst"><code>static class&nbsp;</code></td>
<td class="colLast"><code><span class="memberNameLink"><a href="../../../../../../../../../org/apache/hadoop/yarn/server/nodemanager/containermanager/linux/runtime/JavaSandboxLinuxContainerRuntime.SandboxMode.html" title="enum in org.apache.hadoop.yarn.server.nodemanager.containermanager.linux.runtime">JavaSandboxLinuxContainerRuntime.SandboxMode</a></span></code>
<div class="block">Enumeration of the modes the JavaSandboxLinuxContainerRuntime can use.</div>
</td>
</tr>
</table>
</li>
</ul>
<!-- =========== FIELD SUMMARY =========== -->
<ul class="blockList">
<li class="blockList"><a name="field.summary">
<!-- -->
</a>
<h3>Field Summary</h3>
<table class="memberSummary" border="0" cellpadding="3" cellspacing="0" summary="Field Summary table, listing fields, and an explanation">
<caption><span>Fields</span><span class="tabEnd">&nbsp;</span></caption>
<tr>
<th class="colFirst" scope="col">Modifier and Type</th>
<th class="colLast" scope="col">Field and Description</th>
</tr>
<tr class="altColor">
<td class="colFirst"><code>static <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a></code></td>
<td class="colLast"><code><span class="memberNameLink"><a href="../../../../../../../../../org/apache/hadoop/yarn/server/nodemanager/containermanager/linux/runtime/JavaSandboxLinuxContainerRuntime.html#POLICY_FILE_DIR">POLICY_FILE_DIR</a></span></code>&nbsp;</td>
</tr>
</table>
</li>
</ul>
<!-- ======== CONSTRUCTOR SUMMARY ======== -->
<ul class="blockList">
<li class="blockList"><a name="constructor.summary">
<!-- -->
</a>
<h3>Constructor Summary</h3>
<table class="memberSummary" border="0" cellpadding="3" cellspacing="0" summary="Constructor Summary table, listing constructors, and an explanation">
<caption><span>Constructors</span><span class="tabEnd">&nbsp;</span></caption>
<tr>
<th class="colOne" scope="col">Constructor and Description</th>
</tr>
<tr class="altColor">
<td class="colOne"><code><span class="memberNameLink"><a href="../../../../../../../../../org/apache/hadoop/yarn/server/nodemanager/containermanager/linux/runtime/JavaSandboxLinuxContainerRuntime.html#JavaSandboxLinuxContainerRuntime-org.apache.hadoop.yarn.server.nodemanager.containermanager.linux.privileged.PrivilegedOperationExecutor-">JavaSandboxLinuxContainerRuntime</a></span>(<a href="../../../../../../../../../org/apache/hadoop/yarn/server/nodemanager/containermanager/linux/privileged/PrivilegedOperationExecutor.html" title="class in org.apache.hadoop.yarn.server.nodemanager.containermanager.linux.privileged">PrivilegedOperationExecutor</a>&nbsp;privilegedOperationExecutor)</code>
<div class="block">Create an instance using the given <a href="../../../../../../../../../org/apache/hadoop/yarn/server/nodemanager/containermanager/linux/privileged/PrivilegedOperationExecutor.html" title="class in org.apache.hadoop.yarn.server.nodemanager.containermanager.linux.privileged"><code>PrivilegedOperationExecutor</code></a>
instance for performing operations.</div>
</td>
</tr>
</table>
</li>
</ul>
<!-- ========== METHOD SUMMARY =========== -->
<ul class="blockList">
<li class="blockList"><a name="method.summary">
<!-- -->
</a>
<h3>Method Summary</h3>
<table class="memberSummary" border="0" cellpadding="3" cellspacing="0" summary="Method Summary table, listing methods, and an explanation">
<caption><span id="t0" class="activeTableTab"><span>All Methods</span><span class="tabEnd">&nbsp;</span></span><span id="t2" class="tableTab"><span><a href="javascript:show(2);">Instance Methods</a></span><span class="tabEnd">&nbsp;</span></span><span id="t4" class="tableTab"><span><a href="javascript:show(8);">Concrete Methods</a></span><span class="tabEnd">&nbsp;</span></span></caption>
<tr>
<th class="colFirst" scope="col">Modifier and Type</th>
<th class="colLast" scope="col">Method and Description</th>
</tr>
<tr id="i0" class="altColor">
<td class="colFirst"><code>void</code></td>
<td class="colLast"><code><span class="memberNameLink"><a href="../../../../../../../../../org/apache/hadoop/yarn/server/nodemanager/containermanager/linux/runtime/JavaSandboxLinuxContainerRuntime.html#initialize-org.apache.hadoop.conf.Configuration-org.apache.hadoop.yarn.server.nodemanager.Context-">initialize</a></span>(org.apache.hadoop.conf.Configuration&nbsp;conf,
<a href="../../../../../../../../../org/apache/hadoop/yarn/server/nodemanager/Context.html" title="interface in org.apache.hadoop.yarn.server.nodemanager">Context</a>&nbsp;nmContext)</code>
<div class="block">Initialize the runtime.</div>
</td>
</tr>
<tr id="i1" class="rowColor">
<td class="colFirst"><code>boolean</code></td>
<td class="colLast"><code><span class="memberNameLink"><a href="../../../../../../../../../org/apache/hadoop/yarn/server/nodemanager/containermanager/linux/runtime/JavaSandboxLinuxContainerRuntime.html#isRuntimeRequested-java.util.Map-">isRuntimeRequested</a></span>(<a href="https://docs.oracle.com/javase/8/docs/api/java/util/Map.html?is-external=true" title="class or interface in java.util">Map</a>&lt;<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a>,<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a>&gt;&nbsp;env)</code>
<div class="block">Determine if JVMSandboxLinuxContainerRuntime should be used.</div>
</td>
</tr>
<tr id="i2" class="altColor">
<td class="colFirst"><code>void</code></td>
<td class="colLast"><code><span class="memberNameLink"><a href="../../../../../../../../../org/apache/hadoop/yarn/server/nodemanager/containermanager/linux/runtime/JavaSandboxLinuxContainerRuntime.html#launchContainer-org.apache.hadoop.yarn.server.nodemanager.containermanager.runtime.ContainerRuntimeContext-">launchContainer</a></span>(<a href="../../../../../../../../../org/apache/hadoop/yarn/server/nodemanager/containermanager/runtime/ContainerRuntimeContext.html" title="class in org.apache.hadoop.yarn.server.nodemanager.containermanager.runtime">ContainerRuntimeContext</a>&nbsp;ctx)</code>
<div class="block">Launch a container.</div>
</td>
</tr>
<tr id="i3" class="rowColor">
<td class="colFirst"><code>void</code></td>
<td class="colLast"><code><span class="memberNameLink"><a href="../../../../../../../../../org/apache/hadoop/yarn/server/nodemanager/containermanager/linux/runtime/JavaSandboxLinuxContainerRuntime.html#prepareContainer-org.apache.hadoop.yarn.server.nodemanager.containermanager.runtime.ContainerRuntimeContext-">prepareContainer</a></span>(<a href="../../../../../../../../../org/apache/hadoop/yarn/server/nodemanager/containermanager/runtime/ContainerRuntimeContext.html" title="class in org.apache.hadoop.yarn.server.nodemanager.containermanager.runtime">ContainerRuntimeContext</a>&nbsp;ctx)</code>
<div class="block">Prior to environment from being written locally need to generate
policy file which limits container access to a small set of directories.</div>
</td>
</tr>
<tr id="i4" class="altColor">
<td class="colFirst"><code>void</code></td>
<td class="colLast"><code><span class="memberNameLink"><a href="../../../../../../../../../org/apache/hadoop/yarn/server/nodemanager/containermanager/linux/runtime/JavaSandboxLinuxContainerRuntime.html#relaunchContainer-org.apache.hadoop.yarn.server.nodemanager.containermanager.runtime.ContainerRuntimeContext-">relaunchContainer</a></span>(<a href="../../../../../../../../../org/apache/hadoop/yarn/server/nodemanager/containermanager/runtime/ContainerRuntimeContext.html" title="class in org.apache.hadoop.yarn.server.nodemanager.containermanager.runtime">ContainerRuntimeContext</a>&nbsp;ctx)</code>
<div class="block">Relaunch a container.</div>
</td>
</tr>
</table>
<ul class="blockList">
<li class="blockList"><a name="methods.inherited.from.class.org.apache.hadoop.yarn.server.nodemanager.containermanager.linux.runtime.DefaultLinuxContainerRuntime">
<!-- -->
</a>
<h3>Methods inherited from class&nbsp;org.apache.hadoop.yarn.server.nodemanager.containermanager.linux.runtime.<a href="../../../../../../../../../org/apache/hadoop/yarn/server/nodemanager/containermanager/linux/runtime/DefaultLinuxContainerRuntime.html" title="class in org.apache.hadoop.yarn.server.nodemanager.containermanager.linux.runtime">DefaultLinuxContainerRuntime</a></h3>
<code><a href="../../../../../../../../../org/apache/hadoop/yarn/server/nodemanager/containermanager/linux/runtime/DefaultLinuxContainerRuntime.html#execContainer-org.apache.hadoop.yarn.server.nodemanager.executor.ContainerExecContext-">execContainer</a>, <a href="../../../../../../../../../org/apache/hadoop/yarn/server/nodemanager/containermanager/linux/runtime/DefaultLinuxContainerRuntime.html#getExposedPorts-org.apache.hadoop.yarn.server.nodemanager.containermanager.container.Container-">getExposedPorts</a>, <a href="../../../../../../../../../org/apache/hadoop/yarn/server/nodemanager/containermanager/linux/runtime/DefaultLinuxContainerRuntime.html#getIpAndHost-org.apache.hadoop.yarn.server.nodemanager.containermanager.container.Container-">getIpAndHost</a>, <a href="../../../../../../../../../org/apache/hadoop/yarn/server/nodemanager/containermanager/linux/runtime/DefaultLinuxContainerRuntime.html#reapContainer-org.apache.hadoop.yarn.server.nodemanager.containermanager.runtime.ContainerRuntimeContext-">reapContainer</a>, <a href="../../../../../../../../../org/apache/hadoop/yarn/server/nodemanager/containermanager/linux/runtime/DefaultLinuxContainerRuntime.html#signalContainer-org.apache.hadoop.yarn.server.nodemanager.containermanager.runtime.ContainerRuntimeContext-">signalContainer</a></code></li>
</ul>
<ul class="blockList">
<li class="blockList"><a name="methods.inherited.from.class.java.lang.Object">
<!-- -->
</a>
<h3>Methods inherited from class&nbsp;java.lang.<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true" title="class or interface in java.lang">Object</a></h3>
<code><a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true#clone--" title="class or interface in java.lang">clone</a>, <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true#equals-java.lang.Object-" title="class or interface in java.lang">equals</a>, <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true#finalize--" title="class or interface in java.lang">finalize</a>, <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true#getClass--" title="class or interface in java.lang">getClass</a>, <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true#hashCode--" title="class or interface in java.lang">hashCode</a>, <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true#notify--" title="class or interface in java.lang">notify</a>, <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true#notifyAll--" title="class or interface in java.lang">notifyAll</a>, <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true#toString--" title="class or interface in java.lang">toString</a>, <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true#wait--" title="class or interface in java.lang">wait</a>, <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true#wait-long-" title="class or interface in java.lang">wait</a>, <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true#wait-long-int-" title="class or interface in java.lang">wait</a></code></li>
</ul>
<ul class="blockList">
<li class="blockList"><a name="methods.inherited.from.class.org.apache.hadoop.yarn.server.nodemanager.containermanager.linux.runtime.LinuxContainerRuntime">
<!-- -->
</a>
<h3>Methods inherited from interface&nbsp;org.apache.hadoop.yarn.server.nodemanager.containermanager.linux.runtime.<a href="../../../../../../../../../org/apache/hadoop/yarn/server/nodemanager/containermanager/linux/runtime/LinuxContainerRuntime.html" title="interface in org.apache.hadoop.yarn.server.nodemanager.containermanager.linux.runtime">LinuxContainerRuntime</a></h3>
<code><a href="../../../../../../../../../org/apache/hadoop/yarn/server/nodemanager/containermanager/linux/runtime/LinuxContainerRuntime.html#getLocalResources-org.apache.hadoop.yarn.server.nodemanager.containermanager.container.Container-">getLocalResources</a>, <a href="../../../../../../../../../org/apache/hadoop/yarn/server/nodemanager/containermanager/linux/runtime/LinuxContainerRuntime.html#start--">start</a>, <a href="../../../../../../../../../org/apache/hadoop/yarn/server/nodemanager/containermanager/linux/runtime/LinuxContainerRuntime.html#stop--">stop</a></code></li>
</ul>
</li>
</ul>
</li>
</ul>
</div>
<div class="details">
<ul class="blockList">
<li class="blockList">
<!-- ============ FIELD DETAIL =========== -->
<ul class="blockList">
<li class="blockList"><a name="field.detail">
<!-- -->
</a>
<h3>Field Detail</h3>
<a name="POLICY_FILE_DIR">
<!-- -->
</a>
<ul class="blockListLast">
<li class="blockList">
<h4>POLICY_FILE_DIR</h4>
<pre>public static final&nbsp;<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a> POLICY_FILE_DIR</pre>
<dl>
<dt><span class="seeLabel">See Also:</span></dt>
<dd><a href="../../../../../../../../../constant-values.html#org.apache.hadoop.yarn.server.nodemanager.containermanager.linux.runtime.JavaSandboxLinuxContainerRuntime.POLICY_FILE_DIR">Constant Field Values</a></dd>
</dl>
</li>
</ul>
</li>
</ul>
<!-- ========= CONSTRUCTOR DETAIL ======== -->
<ul class="blockList">
<li class="blockList"><a name="constructor.detail">
<!-- -->
</a>
<h3>Constructor Detail</h3>
<a name="JavaSandboxLinuxContainerRuntime-org.apache.hadoop.yarn.server.nodemanager.containermanager.linux.privileged.PrivilegedOperationExecutor-">
<!-- -->
</a>
<ul class="blockListLast">
<li class="blockList">
<h4>JavaSandboxLinuxContainerRuntime</h4>
<pre>public&nbsp;JavaSandboxLinuxContainerRuntime(<a href="../../../../../../../../../org/apache/hadoop/yarn/server/nodemanager/containermanager/linux/privileged/PrivilegedOperationExecutor.html" title="class in org.apache.hadoop.yarn.server.nodemanager.containermanager.linux.privileged">PrivilegedOperationExecutor</a>&nbsp;privilegedOperationExecutor)</pre>
<div class="block">Create an instance using the given <a href="../../../../../../../../../org/apache/hadoop/yarn/server/nodemanager/containermanager/linux/privileged/PrivilegedOperationExecutor.html" title="class in org.apache.hadoop.yarn.server.nodemanager.containermanager.linux.privileged"><code>PrivilegedOperationExecutor</code></a>
instance for performing operations.</div>
<dl>
<dt><span class="paramLabel">Parameters:</span></dt>
<dd><code>privilegedOperationExecutor</code> - the <a href="../../../../../../../../../org/apache/hadoop/yarn/server/nodemanager/containermanager/linux/privileged/PrivilegedOperationExecutor.html" title="class in org.apache.hadoop.yarn.server.nodemanager.containermanager.linux.privileged"><code>PrivilegedOperationExecutor</code></a>
instance</dd>
</dl>
</li>
</ul>
</li>
</ul>
<!-- ============ METHOD DETAIL ========== -->
<ul class="blockList">
<li class="blockList"><a name="method.detail">
<!-- -->
</a>
<h3>Method Detail</h3>
<a name="initialize-org.apache.hadoop.conf.Configuration-org.apache.hadoop.yarn.server.nodemanager.Context-">
<!-- -->
</a>
<ul class="blockList">
<li class="blockList">
<h4>initialize</h4>
<pre>public&nbsp;void&nbsp;initialize(org.apache.hadoop.conf.Configuration&nbsp;conf,
<a href="../../../../../../../../../org/apache/hadoop/yarn/server/nodemanager/Context.html" title="interface in org.apache.hadoop.yarn.server.nodemanager">Context</a>&nbsp;nmContext)
throws <a href="../../../../../../../../../org/apache/hadoop/yarn/server/nodemanager/containermanager/runtime/ContainerExecutionException.html" title="class in org.apache.hadoop.yarn.server.nodemanager.containermanager.runtime">ContainerExecutionException</a></pre>
<div class="block"><span class="descfrmTypeLabel">Description copied from interface:&nbsp;<code><a href="../../../../../../../../../org/apache/hadoop/yarn/server/nodemanager/containermanager/linux/runtime/LinuxContainerRuntime.html#initialize-org.apache.hadoop.conf.Configuration-org.apache.hadoop.yarn.server.nodemanager.Context-">LinuxContainerRuntime</a></code></span></div>
<div class="block">Initialize the runtime.</div>
<dl>
<dt><span class="overrideSpecifyLabel">Specified by:</span></dt>
<dd><code><a href="../../../../../../../../../org/apache/hadoop/yarn/server/nodemanager/containermanager/linux/runtime/LinuxContainerRuntime.html#initialize-org.apache.hadoop.conf.Configuration-org.apache.hadoop.yarn.server.nodemanager.Context-">initialize</a></code>&nbsp;in interface&nbsp;<code><a href="../../../../../../../../../org/apache/hadoop/yarn/server/nodemanager/containermanager/linux/runtime/LinuxContainerRuntime.html" title="interface in org.apache.hadoop.yarn.server.nodemanager.containermanager.linux.runtime">LinuxContainerRuntime</a></code></dd>
<dt><span class="overrideSpecifyLabel">Overrides:</span></dt>
<dd><code><a href="../../../../../../../../../org/apache/hadoop/yarn/server/nodemanager/containermanager/linux/runtime/DefaultLinuxContainerRuntime.html#initialize-org.apache.hadoop.conf.Configuration-org.apache.hadoop.yarn.server.nodemanager.Context-">initialize</a></code>&nbsp;in class&nbsp;<code><a href="../../../../../../../../../org/apache/hadoop/yarn/server/nodemanager/containermanager/linux/runtime/DefaultLinuxContainerRuntime.html" title="class in org.apache.hadoop.yarn.server.nodemanager.containermanager.linux.runtime">DefaultLinuxContainerRuntime</a></code></dd>
<dt><span class="paramLabel">Parameters:</span></dt>
<dd><code>conf</code> - the <code>Configuration</code> to use</dd>
<dd><code>nmContext</code> - NMContext</dd>
<dt><span class="throwsLabel">Throws:</span></dt>
<dd><code><a href="../../../../../../../../../org/apache/hadoop/yarn/server/nodemanager/containermanager/runtime/ContainerExecutionException.html" title="class in org.apache.hadoop.yarn.server.nodemanager.containermanager.runtime">ContainerExecutionException</a></code> - if an error occurs while initializing
the runtime</dd>
</dl>
</li>
</ul>
<a name="prepareContainer-org.apache.hadoop.yarn.server.nodemanager.containermanager.runtime.ContainerRuntimeContext-">
<!-- -->
</a>
<ul class="blockList">
<li class="blockList">
<h4>prepareContainer</h4>
<pre>public&nbsp;void&nbsp;prepareContainer(<a href="../../../../../../../../../org/apache/hadoop/yarn/server/nodemanager/containermanager/runtime/ContainerRuntimeContext.html" title="class in org.apache.hadoop.yarn.server.nodemanager.containermanager.runtime">ContainerRuntimeContext</a>&nbsp;ctx)
throws <a href="../../../../../../../../../org/apache/hadoop/yarn/server/nodemanager/containermanager/runtime/ContainerExecutionException.html" title="class in org.apache.hadoop.yarn.server.nodemanager.containermanager.runtime">ContainerExecutionException</a></pre>
<div class="block">Prior to environment from being written locally need to generate
policy file which limits container access to a small set of directories.
Additionally the container run command needs to be modified to include
flags to enable the java security manager with the generated policy.
<br>
The Java Sandbox will be circumvented if the user is a member of the
group specified in:
"yarn.nodemanager.runtime.linux.sandbox-mode.whitelist-group"
and if they do not include the JVM flag
<code>-Djava.security.manager</code>.</div>
<dl>
<dt><span class="overrideSpecifyLabel">Specified by:</span></dt>
<dd><code><a href="../../../../../../../../../org/apache/hadoop/yarn/server/nodemanager/containermanager/runtime/ContainerRuntime.html#prepareContainer-org.apache.hadoop.yarn.server.nodemanager.containermanager.runtime.ContainerRuntimeContext-">prepareContainer</a></code>&nbsp;in interface&nbsp;<code><a href="../../../../../../../../../org/apache/hadoop/yarn/server/nodemanager/containermanager/runtime/ContainerRuntime.html" title="interface in org.apache.hadoop.yarn.server.nodemanager.containermanager.runtime">ContainerRuntime</a></code></dd>
<dt><span class="overrideSpecifyLabel">Overrides:</span></dt>
<dd><code><a href="../../../../../../../../../org/apache/hadoop/yarn/server/nodemanager/containermanager/linux/runtime/DefaultLinuxContainerRuntime.html#prepareContainer-org.apache.hadoop.yarn.server.nodemanager.containermanager.runtime.ContainerRuntimeContext-">prepareContainer</a></code>&nbsp;in class&nbsp;<code><a href="../../../../../../../../../org/apache/hadoop/yarn/server/nodemanager/containermanager/linux/runtime/DefaultLinuxContainerRuntime.html" title="class in org.apache.hadoop.yarn.server.nodemanager.containermanager.linux.runtime">DefaultLinuxContainerRuntime</a></code></dd>
<dt><span class="paramLabel">Parameters:</span></dt>
<dd><code>ctx</code> - The <a href="../../../../../../../../../org/apache/hadoop/yarn/server/nodemanager/containermanager/runtime/ContainerRuntimeContext.html" title="class in org.apache.hadoop.yarn.server.nodemanager.containermanager.runtime"><code>ContainerRuntimeContext</code></a> containing container
setup properties.</dd>
<dt><span class="throwsLabel">Throws:</span></dt>
<dd><code><a href="../../../../../../../../../org/apache/hadoop/yarn/server/nodemanager/containermanager/runtime/ContainerExecutionException.html" title="class in org.apache.hadoop.yarn.server.nodemanager.containermanager.runtime">ContainerExecutionException</a></code> - Exception thrown if temporary policy
file directory can't be created, or if any exceptions occur during policy
file parsing and generation.</dd>
</dl>
</li>
</ul>
<a name="launchContainer-org.apache.hadoop.yarn.server.nodemanager.containermanager.runtime.ContainerRuntimeContext-">
<!-- -->
</a>
<ul class="blockList">
<li class="blockList">
<h4>launchContainer</h4>
<pre>public&nbsp;void&nbsp;launchContainer(<a href="../../../../../../../../../org/apache/hadoop/yarn/server/nodemanager/containermanager/runtime/ContainerRuntimeContext.html" title="class in org.apache.hadoop.yarn.server.nodemanager.containermanager.runtime">ContainerRuntimeContext</a>&nbsp;ctx)
throws <a href="../../../../../../../../../org/apache/hadoop/yarn/server/nodemanager/containermanager/runtime/ContainerExecutionException.html" title="class in org.apache.hadoop.yarn.server.nodemanager.containermanager.runtime">ContainerExecutionException</a></pre>
<div class="block"><span class="descfrmTypeLabel">Description copied from interface:&nbsp;<code><a href="../../../../../../../../../org/apache/hadoop/yarn/server/nodemanager/containermanager/runtime/ContainerRuntime.html#launchContainer-org.apache.hadoop.yarn.server.nodemanager.containermanager.runtime.ContainerRuntimeContext-">ContainerRuntime</a></code></span></div>
<div class="block">Launch a container.</div>
<dl>
<dt><span class="overrideSpecifyLabel">Specified by:</span></dt>
<dd><code><a href="../../../../../../../../../org/apache/hadoop/yarn/server/nodemanager/containermanager/runtime/ContainerRuntime.html#launchContainer-org.apache.hadoop.yarn.server.nodemanager.containermanager.runtime.ContainerRuntimeContext-">launchContainer</a></code>&nbsp;in interface&nbsp;<code><a href="../../../../../../../../../org/apache/hadoop/yarn/server/nodemanager/containermanager/runtime/ContainerRuntime.html" title="interface in org.apache.hadoop.yarn.server.nodemanager.containermanager.runtime">ContainerRuntime</a></code></dd>
<dt><span class="overrideSpecifyLabel">Overrides:</span></dt>
<dd><code><a href="../../../../../../../../../org/apache/hadoop/yarn/server/nodemanager/containermanager/linux/runtime/DefaultLinuxContainerRuntime.html#launchContainer-org.apache.hadoop.yarn.server.nodemanager.containermanager.runtime.ContainerRuntimeContext-">launchContainer</a></code>&nbsp;in class&nbsp;<code><a href="../../../../../../../../../org/apache/hadoop/yarn/server/nodemanager/containermanager/linux/runtime/DefaultLinuxContainerRuntime.html" title="class in org.apache.hadoop.yarn.server.nodemanager.containermanager.linux.runtime">DefaultLinuxContainerRuntime</a></code></dd>
<dt><span class="paramLabel">Parameters:</span></dt>
<dd><code>ctx</code> - the <a href="../../../../../../../../../org/apache/hadoop/yarn/server/nodemanager/containermanager/runtime/ContainerRuntimeContext.html" title="class in org.apache.hadoop.yarn.server.nodemanager.containermanager.runtime"><code>ContainerRuntimeContext</code></a></dd>
<dt><span class="throwsLabel">Throws:</span></dt>
<dd><code><a href="../../../../../../../../../org/apache/hadoop/yarn/server/nodemanager/containermanager/runtime/ContainerExecutionException.html" title="class in org.apache.hadoop.yarn.server.nodemanager.containermanager.runtime">ContainerExecutionException</a></code> - if an error occurs while launching
the container</dd>
</dl>
</li>
</ul>
<a name="relaunchContainer-org.apache.hadoop.yarn.server.nodemanager.containermanager.runtime.ContainerRuntimeContext-">
<!-- -->
</a>
<ul class="blockList">
<li class="blockList">
<h4>relaunchContainer</h4>
<pre>public&nbsp;void&nbsp;relaunchContainer(<a href="../../../../../../../../../org/apache/hadoop/yarn/server/nodemanager/containermanager/runtime/ContainerRuntimeContext.html" title="class in org.apache.hadoop.yarn.server.nodemanager.containermanager.runtime">ContainerRuntimeContext</a>&nbsp;ctx)
throws <a href="../../../../../../../../../org/apache/hadoop/yarn/server/nodemanager/containermanager/runtime/ContainerExecutionException.html" title="class in org.apache.hadoop.yarn.server.nodemanager.containermanager.runtime">ContainerExecutionException</a></pre>
<div class="block"><span class="descfrmTypeLabel">Description copied from interface:&nbsp;<code><a href="../../../../../../../../../org/apache/hadoop/yarn/server/nodemanager/containermanager/runtime/ContainerRuntime.html#relaunchContainer-org.apache.hadoop.yarn.server.nodemanager.containermanager.runtime.ContainerRuntimeContext-">ContainerRuntime</a></code></span></div>
<div class="block">Relaunch a container.</div>
<dl>
<dt><span class="overrideSpecifyLabel">Specified by:</span></dt>
<dd><code><a href="../../../../../../../../../org/apache/hadoop/yarn/server/nodemanager/containermanager/runtime/ContainerRuntime.html#relaunchContainer-org.apache.hadoop.yarn.server.nodemanager.containermanager.runtime.ContainerRuntimeContext-">relaunchContainer</a></code>&nbsp;in interface&nbsp;<code><a href="../../../../../../../../../org/apache/hadoop/yarn/server/nodemanager/containermanager/runtime/ContainerRuntime.html" title="interface in org.apache.hadoop.yarn.server.nodemanager.containermanager.runtime">ContainerRuntime</a></code></dd>
<dt><span class="overrideSpecifyLabel">Overrides:</span></dt>
<dd><code><a href="../../../../../../../../../org/apache/hadoop/yarn/server/nodemanager/containermanager/linux/runtime/DefaultLinuxContainerRuntime.html#relaunchContainer-org.apache.hadoop.yarn.server.nodemanager.containermanager.runtime.ContainerRuntimeContext-">relaunchContainer</a></code>&nbsp;in class&nbsp;<code><a href="../../../../../../../../../org/apache/hadoop/yarn/server/nodemanager/containermanager/linux/runtime/DefaultLinuxContainerRuntime.html" title="class in org.apache.hadoop.yarn.server.nodemanager.containermanager.linux.runtime">DefaultLinuxContainerRuntime</a></code></dd>
<dt><span class="paramLabel">Parameters:</span></dt>
<dd><code>ctx</code> - the <a href="../../../../../../../../../org/apache/hadoop/yarn/server/nodemanager/containermanager/runtime/ContainerRuntimeContext.html" title="class in org.apache.hadoop.yarn.server.nodemanager.containermanager.runtime"><code>ContainerRuntimeContext</code></a></dd>
<dt><span class="throwsLabel">Throws:</span></dt>
<dd><code><a href="../../../../../../../../../org/apache/hadoop/yarn/server/nodemanager/containermanager/runtime/ContainerExecutionException.html" title="class in org.apache.hadoop.yarn.server.nodemanager.containermanager.runtime">ContainerExecutionException</a></code> - if an error occurs while relaunching
the container</dd>
</dl>
</li>
</ul>
<a name="isRuntimeRequested-java.util.Map-">
<!-- -->
</a>
<ul class="blockListLast">
<li class="blockList">
<h4>isRuntimeRequested</h4>
<pre>public&nbsp;boolean&nbsp;isRuntimeRequested(<a href="https://docs.oracle.com/javase/8/docs/api/java/util/Map.html?is-external=true" title="class or interface in java.util">Map</a>&lt;<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a>,<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a>&gt;&nbsp;env)</pre>
<div class="block">Determine if JVMSandboxLinuxContainerRuntime should be used. This is
decided based on the value of
"yarn.nodemanager.runtime.linux.sandbox-mode"</div>
<dl>
<dt><span class="overrideSpecifyLabel">Specified by:</span></dt>
<dd><code><a href="../../../../../../../../../org/apache/hadoop/yarn/server/nodemanager/containermanager/linux/runtime/LinuxContainerRuntime.html#isRuntimeRequested-java.util.Map-">isRuntimeRequested</a></code>&nbsp;in interface&nbsp;<code><a href="../../../../../../../../../org/apache/hadoop/yarn/server/nodemanager/containermanager/linux/runtime/LinuxContainerRuntime.html" title="interface in org.apache.hadoop.yarn.server.nodemanager.containermanager.linux.runtime">LinuxContainerRuntime</a></code></dd>
<dt><span class="overrideSpecifyLabel">Overrides:</span></dt>
<dd><code><a href="../../../../../../../../../org/apache/hadoop/yarn/server/nodemanager/containermanager/linux/runtime/DefaultLinuxContainerRuntime.html#isRuntimeRequested-java.util.Map-">isRuntimeRequested</a></code>&nbsp;in class&nbsp;<code><a href="../../../../../../../../../org/apache/hadoop/yarn/server/nodemanager/containermanager/linux/runtime/DefaultLinuxContainerRuntime.html" title="class in org.apache.hadoop.yarn.server.nodemanager.containermanager.linux.runtime">DefaultLinuxContainerRuntime</a></code></dd>
<dt><span class="paramLabel">Parameters:</span></dt>
<dd><code>env</code> - the environment variable settings for the operation</dd>
<dt><span class="returnLabel">Returns:</span></dt>
<dd>true if Sandbox is requested, false otherwise</dd>
</dl>
</li>
</ul>
</li>
</ul>
</li>
</ul>
</div>
</div>
<!-- ========= END OF CLASS DATA ========= -->
<!-- ======= START OF BOTTOM NAVBAR ====== -->
<div class="bottomNav"><a name="navbar.bottom">
<!-- -->
</a>
<div class="skipNav"><a href="#skip.navbar.bottom" title="Skip navigation links">Skip navigation links</a></div>
<a name="navbar.bottom.firstrow">
<!-- -->
</a>
<ul class="navList" title="Navigation">
<li><a href="../../../../../../../../../overview-summary.html">Overview</a></li>
<li><a href="package-summary.html">Package</a></li>
<li class="navBarCell1Rev">Class</li>
<li><a href="class-use/JavaSandboxLinuxContainerRuntime.html">Use</a></li>
<li><a href="package-tree.html">Tree</a></li>
<li><a href="../../../../../../../../../deprecated-list.html">Deprecated</a></li>
<li><a href="../../../../../../../../../index-all.html">Index</a></li>
<li><a href="../../../../../../../../../help-doc.html">Help</a></li>
</ul>
</div>
<div class="subNav">
<ul class="navList">
<li><a href="../../../../../../../../../org/apache/hadoop/yarn/server/nodemanager/containermanager/linux/runtime/DockerLinuxContainerRuntime.html" title="class in org.apache.hadoop.yarn.server.nodemanager.containermanager.linux.runtime"><span class="typeNameLink">Prev&nbsp;Class</span></a></li>
<li><a href="../../../../../../../../../org/apache/hadoop/yarn/server/nodemanager/containermanager/linux/runtime/JavaSandboxLinuxContainerRuntime.SandboxMode.html" title="enum in org.apache.hadoop.yarn.server.nodemanager.containermanager.linux.runtime"><span class="typeNameLink">Next&nbsp;Class</span></a></li>
</ul>
<ul class="navList">
<li><a href="../../../../../../../../../index.html?org/apache/hadoop/yarn/server/nodemanager/containermanager/linux/runtime/JavaSandboxLinuxContainerRuntime.html" target="_top">Frames</a></li>
<li><a href="JavaSandboxLinuxContainerRuntime.html" target="_top">No&nbsp;Frames</a></li>
</ul>
<ul class="navList" id="allclasses_navbar_bottom">
<li><a href="../../../../../../../../../allclasses-noframe.html">All&nbsp;Classes</a></li>
</ul>
<div>
<script type="text/javascript"><!--
allClassesLink = document.getElementById("allclasses_navbar_bottom");
if(window==top) {
allClassesLink.style.display = "block";
}
else {
allClassesLink.style.display = "none";
}
//-->
</script>
</div>
<div>
<ul class="subNavList">
<li>Summary:&nbsp;</li>
<li><a href="#nested.class.summary">Nested</a>&nbsp;|&nbsp;</li>
<li><a href="#field.summary">Field</a>&nbsp;|&nbsp;</li>
<li><a href="#constructor.summary">Constr</a>&nbsp;|&nbsp;</li>
<li><a href="#method.summary">Method</a></li>
</ul>
<ul class="subNavList">
<li>Detail:&nbsp;</li>
<li><a href="#field.detail">Field</a>&nbsp;|&nbsp;</li>
<li><a href="#constructor.detail">Constr</a>&nbsp;|&nbsp;</li>
<li><a href="#method.detail">Method</a></li>
</ul>
</div>
<a name="skip.navbar.bottom">
<!-- -->
</a></div>
<!-- ======== END OF BOTTOM NAVBAR ======= -->
<p class="legalCopy"><small>Copyright &#169; 2008&#x2013;2021 <a href="https://www.apache.org">Apache Software Foundation</a>. All rights reserved.</small></p>
</body>
</html>