Support Questions

Find answers, ask questions, and share your expertise

why does the ambari sandbox run in priviliged mode?

avatar
New Contributor

i'm fairly new to docker and hdp altogether so please excuse me if i make any wrong assumptions...

i'm trying to run ambari (agent and server) in a container and in all relevant documentation i find i see that when issuing the run command, people always add the --priviliged attribute....

does anyone know why does this attribute is needed?

thanks in advance....

1 ACCEPTED SOLUTION

avatar
Master Mentor

@doron zukerman

You can remove "--privileged" if you don't intend to use Kerberos.

By default, Docker containers are “unprivileged” and cannot, for example, run a Docker daemon inside a Docker container. This is because by default a container is not allowed to access any devices, but a “privileged” container is given access to all device. Please see:

https://docs.docker.com/engine/reference/run/#/runtime-privilege-and-linux-capabilities

View solution in original post

4 REPLIES 4

avatar
Master Mentor

@doron zukerman

You can remove "--privileged" if you don't intend to use Kerberos.

By default, Docker containers are “unprivileged” and cannot, for example, run a Docker daemon inside a Docker container. This is because by default a container is not allowed to access any devices, but a “privileged” container is given access to all device. Please see:

https://docs.docker.com/engine/reference/run/#/runtime-privilege-and-linux-capabilities

avatar
Master Mentor

@doron zukerman

You can remove "--privileged" if you don't intend to use Kerberos.

By default, Docker containers are “unprivileged” and cannot, for example, run a Docker daemon inside a Docker container. This is because by default a container is not allowed to access any devices, but a “privileged” container is given access to all device. Please see:

https://docs.docker.com/engine/reference/run/#/runtime-privilege-and-linux-capabilities

avatar
New Contributor

thanks @Jay SenSharma!

avatar
Expert Contributor

@doron zukerman,

Will you please accept the answer that Jay SenSharma provided? It helps everyone see that the question was answered adequately.

Thanks!