Support Questions
Find answers, ask questions, and share your expertise
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

why does the ambari sandbox run in priviliged mode?

Solved Go to solution

why does the ambari sandbox run in priviliged mode?

New Contributor

i'm fairly new to docker and hdp altogether so please excuse me if i make any wrong assumptions...

i'm trying to run ambari (agent and server) in a container and in all relevant documentation i find i see that when issuing the run command, people always add the --priviliged attribute....

does anyone know why does this attribute is needed?

thanks in advance....

1 ACCEPTED SOLUTION

Accepted Solutions

Re: why does the ambari sandbox run in priviliged mode?

Super Mentor

@doron zukerman

You can remove "--privileged" if you don't intend to use Kerberos.

By default, Docker containers are “unprivileged” and cannot, for example, run a Docker daemon inside a Docker container. This is because by default a container is not allowed to access any devices, but a “privileged” container is given access to all device. Please see:

https://docs.docker.com/engine/reference/run/#/runtime-privilege-and-linux-capabilities

4 REPLIES 4

Re: why does the ambari sandbox run in priviliged mode?

Super Mentor

@doron zukerman

You can remove "--privileged" if you don't intend to use Kerberos.

By default, Docker containers are “unprivileged” and cannot, for example, run a Docker daemon inside a Docker container. This is because by default a container is not allowed to access any devices, but a “privileged” container is given access to all device. Please see:

https://docs.docker.com/engine/reference/run/#/runtime-privilege-and-linux-capabilities

Re: why does the ambari sandbox run in priviliged mode?

Super Mentor

@doron zukerman

You can remove "--privileged" if you don't intend to use Kerberos.

By default, Docker containers are “unprivileged” and cannot, for example, run a Docker daemon inside a Docker container. This is because by default a container is not allowed to access any devices, but a “privileged” container is given access to all device. Please see:

https://docs.docker.com/engine/reference/run/#/runtime-privilege-and-linux-capabilities

Re: why does the ambari sandbox run in priviliged mode?

New Contributor

thanks @Jay SenSharma!

Re: why does the ambari sandbox run in priviliged mode?

Expert Contributor

@doron zukerman,

Will you please accept the answer that Jay SenSharma provided? It helps everyone see that the question was answered adequately.

Thanks!