Support Questions
Find answers, ask questions, and share your expertise
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

why does the ambari sandbox run in priviliged mode?

Solved Go to solution
Highlighted

why does the ambari sandbox run in priviliged mode?

New Contributor

i'm fairly new to docker and hdp altogether so please excuse me if i make any wrong assumptions...

i'm trying to run ambari (agent and server) in a container and in all relevant documentation i find i see that when issuing the run command, people always add the --priviliged attribute....

does anyone know why does this attribute is needed?

thanks in advance....

1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted

Re: why does the ambari sandbox run in priviliged mode?

Super Mentor

@doron zukerman

You can remove "--privileged" if you don't intend to use Kerberos.

By default, Docker containers are “unprivileged” and cannot, for example, run a Docker daemon inside a Docker container. This is because by default a container is not allowed to access any devices, but a “privileged” container is given access to all device. Please see:

https://docs.docker.com/engine/reference/run/#/runtime-privilege-and-linux-capabilities

View solution in original post

4 REPLIES 4
Highlighted

Re: why does the ambari sandbox run in priviliged mode?

Super Mentor

@doron zukerman

You can remove "--privileged" if you don't intend to use Kerberos.

By default, Docker containers are “unprivileged” and cannot, for example, run a Docker daemon inside a Docker container. This is because by default a container is not allowed to access any devices, but a “privileged” container is given access to all device. Please see:

https://docs.docker.com/engine/reference/run/#/runtime-privilege-and-linux-capabilities

View solution in original post

Highlighted

Re: why does the ambari sandbox run in priviliged mode?

Super Mentor

@doron zukerman

You can remove "--privileged" if you don't intend to use Kerberos.

By default, Docker containers are “unprivileged” and cannot, for example, run a Docker daemon inside a Docker container. This is because by default a container is not allowed to access any devices, but a “privileged” container is given access to all device. Please see:

https://docs.docker.com/engine/reference/run/#/runtime-privilege-and-linux-capabilities

Highlighted

Re: why does the ambari sandbox run in priviliged mode?

New Contributor

thanks @Jay SenSharma!

Highlighted

Re: why does the ambari sandbox run in priviliged mode?

Expert Contributor

@doron zukerman,

Will you please accept the answer that Jay SenSharma provided? It helps everyone see that the question was answered adequately.

Thanks!

Don't have an account?
Coming from Hortonworks? Activate your account here