Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Solved Go to solution

why does the ambari sandbox run in priviliged mode?

Labels:
avatar
author-rank doronz
New Contributor

Created ‎01-29-2017 09:21 AM

i'm fairly new to docker and hdp altogether so please excuse me if i make any wrong assumptions...

i'm trying to run ambari (agent and server) in a container and in all relevant documentation i find i see that when issuing the run command, people always add the --priviliged attribute....

does anyone know why does this attribute is needed?

thanks in advance....

1,647 Views
0 Kudos
0
1 ACCEPTED SOLUTION

avatar
author-rank jsensharma author-rank
Master Mentor

Created ‎01-29-2017 01:57 PM

@doron zukerman

You can remove "--privileged" if you don't intend to use Kerberos.

By default, Docker containers are “unprivileged” and cannot, for example, run a Docker daemon inside a Docker container. This is because by default a container is not allowed to access any devices, but a “privileged” container is given access to all device. Please see:

https://docs.docker.com/engine/reference/run/#/runtime-privilege-and-linux-capabilities

View solution in original post

1,553 Views
0 Kudos
0
4 REPLIES 4

avatar
author-rank jsensharma author-rank
Master Mentor

Created ‎01-29-2017 01:57 PM

@doron zukerman

You can remove "--privileged" if you don't intend to use Kerberos.

By default, Docker containers are “unprivileged” and cannot, for example, run a Docker daemon inside a Docker container. This is because by default a container is not allowed to access any devices, but a “privileged” container is given access to all device. Please see:

https://docs.docker.com/engine/reference/run/#/runtime-privilege-and-linux-capabilities

1,554 Views
0 Kudos
0

avatar
author-rank jsensharma author-rank
Master Mentor

Created ‎01-29-2017 01:57 PM

@doron zukerman

You can remove "--privileged" if you don't intend to use Kerberos.

By default, Docker containers are “unprivileged” and cannot, for example, run a Docker daemon inside a Docker container. This is because by default a container is not allowed to access any devices, but a “privileged” container is given access to all device. Please see:

https://docs.docker.com/engine/reference/run/#/runtime-privilege-and-linux-capabilities

1,553 Views
0 Kudos

avatar
author-rank doronz
New Contributor

Created ‎01-29-2017 02:07 PM

thanks @Jay SenSharma!

1,553 Views
0 Kudos

avatar
author-rank jwhitmore author-rank
Expert Contributor

Created ‎01-30-2017 11:04 PM

@doron zukerman,

Will you please accept the answer that Jay SenSharma provided? It helps everyone see that the question was answered adequately.

Thanks!

1,553 Views
0 Kudos
Announcements
What's New @ Cloudera
[RELEASED] Cloudera Streaming Analytics - Kubernetes Operato...
What's New @ Cloudera
[RELEASED] Cloudera Streams Messaging - Kubernetes Operator ...
Community Announcements
February 2025 Community Highlights
What's New @ Cloudera
3 Benefits of External IDE Connectivity, Now Available in Cl...
What's New @ Cloudera
Performance comparison of Spark3 on YARN with S3 Standard VS...
View More Announcements