You are viewing a plain text version of this content. The canonical link for it is here.
Posted to common-commits@hadoop.apache.org by cd...@apache.org on 2018/02/13 05:08:24 UTC
[1/4] hadoop git commit: Revert "HADOOP-15195. With SELinux enabled,
directories mounted with start-build-env.sh may not be accessible.
Contributed by Grigori Rybkine"
Repository: hadoop
Updated Branches:
refs/heads/branch-3.1 d51e4affb -> 08053c4ea
refs/heads/trunk 5b88cb339 -> 0c5d7d71a
Revert "HADOOP-15195. With SELinux enabled, directories mounted with start-build-env.sh may not be accessible. Contributed by Grigori Rybkine"
This reverts commit 5b88cb339898f82519223bcd07e1caedff02d051.
Project: http://git-wip-us.apache.org/repos/asf/hadoop/repo
Commit: http://git-wip-us.apache.org/repos/asf/hadoop/commit/9cc6d1df
Tree: http://git-wip-us.apache.org/repos/asf/hadoop/tree/9cc6d1df
Diff: http://git-wip-us.apache.org/repos/asf/hadoop/diff/9cc6d1df
Branch: refs/heads/trunk
Commit: 9cc6d1dfb351f505aaa8f9f028068650b3b00d0d
Parents: 5b88cb3
Author: Chris Douglas <cd...@apache.org>
Authored: Mon Feb 12 21:06:10 2018 -0800
Committer: Chris Douglas <cd...@apache.org>
Committed: Mon Feb 12 21:06:10 2018 -0800
----------------------------------------------------------------------
.../src/test/scripts/start-build-env.bats | 102 -------------------
start-build-env.sh | 32 +-----
2 files changed, 3 insertions(+), 131 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/hadoop/blob/9cc6d1df/hadoop-common-project/hadoop-common/src/test/scripts/start-build-env.bats
----------------------------------------------------------------------
diff --git a/hadoop-common-project/hadoop-common/src/test/scripts/start-build-env.bats b/hadoop-common-project/hadoop-common/src/test/scripts/start-build-env.bats
deleted file mode 100644
index 0c32bcf..0000000
--- a/hadoop-common-project/hadoop-common/src/test/scripts/start-build-env.bats
+++ /dev/null
@@ -1,102 +0,0 @@
-# Licensed to the Apache Software Foundation (ASF) under one or more
-# contributor license agreements. See the NOTICE file distributed with
-# this work for additional information regarding copyright ownership.
-# The ASF licenses this file to You under the Apache License, Version 2.0
-# (the "License"); you may not use this file except in compliance with
-# the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-load hadoop-functions_test_helper
-
-# Mock docker command
-docker () {
- if [ "$1" = "-v" ]; then
- shift
- echo Docker version ${DCKR_MOCK_VER:?}
- elif [ "$1" = run ]; then
- shift
- until [ $# -eq 0 ]; do
- if [ "$1" = -v ]; then
- shift
- echo "$1"|awk -F':' '{if (NF == 3 && $3 == "z")
- printf "Mounted %s with %s option.\n", $1, $3
- else if (NF == 2)
- printf "Mounted %s without %s option.\n", $1, "z"}'
- fi
- shift
- done
- fi
-}
-export -f docker
-export DCKR_MOCK_VER
-
-# Mock a SELinux enabled system
-enable_selinux () {
- mkdir -p "${TMP}/bin"
- echo true >"${TMP}/bin"/selinuxenabled
- chmod a+x "${TMP}/bin"/selinuxenabled
- if [ "${PATH#${TMP}/bin}" = "${PATH}" ]; then
- PATH="${TMP}/bin":"$PATH"
- fi
-}
-
-setup_user () {
- if [ -z "$(printenv USER)" ]; then
- if [ -z "$USER" ]; then
- USER=${HOME##*/}
- fi
- export USER
- fi
-}
-
-# Mock stat command as used in start-build-env.sh
-stat () {
- if [ "$1" = --printf='%C' -a $# -eq 2 ]; then
- printf 'mock_u:mock_r:mock_t:s0'
- else
- command stat "$@"
- fi
-}
-export -f stat
-
-# Verify that host directories get mounted without z option
-# and INFO messages get printed out
-@test "start-build-env.sh (Docker without z mount option)" {
- if [ "$(uname -s)" != "Linux" ]; then
- skip "Not on Linux platform"
- fi
- enable_selinux
- setup_user
- DCKR_MOCK_VER=1.4
- run "${BATS_TEST_DIRNAME}/../../../../../start-build-env.sh"
- [ "$status" -eq 0 ]
- [[ ${lines[0]} == "INFO: SELinux policy is enforced." ]]
- [[ ${lines[1]} =~ \
- "Mounted ".*" may not be accessible to the container." ]]
- [[ ${lines[2]} == \
- "INFO: If so, on the host, run the following command:" ]]
- [[ ${lines[3]} =~ "# chcon -Rt svirt_sandbox_file_t " ]]
- [[ ${lines[-2]} =~ "Mounted ".*" without z option." ]]
- [[ ${lines[-1]} =~ "Mounted ".*" without z option." ]]
-}
-
-# Verify that host directories get mounted with z option
-@test "start-build-env.sh (Docker with z mount option)" {
- if [ "$(uname -s)" != "Linux" ]; then
- skip "Not on Linux platform"
- fi
- enable_selinux
- setup_user
- DCKR_MOCK_VER=1.7
- run "${BATS_TEST_DIRNAME}/../../../../../start-build-env.sh"
- [ "$status" -eq 0 ]
- [[ ${lines[-2]} =~ "Mounted ".*" with z option." ]]
- [[ ${lines[-1]} =~ "Mounted ".*" with z option." ]]
-}
http://git-wip-us.apache.org/repos/asf/hadoop/blob/9cc6d1df/start-build-env.sh
----------------------------------------------------------------------
diff --git a/start-build-env.sh b/start-build-env.sh
index 60efea5..5a18151 100755
--- a/start-build-env.sh
+++ b/start-build-env.sh
@@ -21,36 +21,10 @@ cd "$(dirname "$0")" # connect to root
docker build -t hadoop-build dev-support/docker
-if [ "$(uname -s)" = "Linux" ]; then
+if [ "$(uname -s)" == "Linux" ]; then
USER_NAME=${SUDO_USER:=$USER}
USER_ID=$(id -u "${USER_NAME}")
GROUP_ID=$(id -g "${USER_NAME}")
- # man docker-run
- # When using SELinux, mounted directories may not be accessible
- # to the container. To work around this, with Docker prior to 1.7
- # one needs to run the "chcon -Rt svirt_sandbox_file_t" command on
- # the directories. With Docker 1.7 and later the z mount option
- # does this automatically.
- if command -v selinuxenabled >/dev/null && selinuxenabled; then
- DCKR_VER=$(docker -v|awk '$1 == "Docker" && $2 == "version"\
- {split($3,ver,".");print ver[1]"."ver[2]}')
- DCKR_MAJ=${DCKR_VER%.*}
- DCKR_MIN=${DCKR_VER#*.}
- if [ "${DCKR_MAJ}" -eq 1 ] && [ "${DCKR_MIN}" -ge 7 ] ||
- [ "${DCKR_MAJ}" -gt 1 ]; then
- V_OPTS=:z
- else
- for d in "${PWD}" "${HOME}/.m2"; do
- ctx=$(stat --printf='%C' "$d"|cut -d':' -f3)
- if [ "$ctx" != svirt_sandbox_file_t ] && [ "$ctx" != container_file_t ]; then
- printf 'INFO: SELinux policy is enforced.\n'
- printf '\tMounted %s may not be accessible to the container.\n' "$d"
- printf 'INFO: If so, on the host, run the following command:\n'
- printf '\t# chcon -Rt svirt_sandbox_file_t %s\n' "$d"
- fi
- done
- fi
- fi
else # boot2docker uid and gid
USER_NAME=$USER
USER_ID=1000
@@ -71,8 +45,8 @@ UserSpecificDocker
# system. And this also is a significant speedup in subsequent
# builds because the dependencies are downloaded only once.
docker run --rm=true -t -i \
- -v "${PWD}:/home/${USER_NAME}/hadoop${V_OPTS:-}" \
+ -v "${PWD}:/home/${USER_NAME}/hadoop" \
-w "/home/${USER_NAME}/hadoop" \
- -v "${HOME}/.m2:/home/${USER_NAME}/.m2${V_OPTS:-}" \
+ -v "${HOME}/.m2:/home/${USER_NAME}/.m2" \
-u "${USER_NAME}" \
"hadoop-build-${USER_ID}"
---------------------------------------------------------------------
To unsubscribe, e-mail: common-commits-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-commits-help@hadoop.apache.org
[4/4] hadoop git commit: HADOOP-15195. With SELinux enabled,
directories mounted with start-build-env.sh may not be accessible.
Contributed by Grigori Rybkine
Posted by cd...@apache.org.
HADOOP-15195. With SELinux enabled, directories mounted with start-build-env.sh may not be accessible. Contributed by Grigori Rybkine
(cherry picked from commit 0c5d7d71a80bccd4ad7eab269d0727b999606a7e)
Project: http://git-wip-us.apache.org/repos/asf/hadoop/repo
Commit: http://git-wip-us.apache.org/repos/asf/hadoop/commit/08053c4e
Tree: http://git-wip-us.apache.org/repos/asf/hadoop/tree/08053c4e
Diff: http://git-wip-us.apache.org/repos/asf/hadoop/diff/08053c4e
Branch: refs/heads/branch-3.1
Commit: 08053c4ead2f6026a5eb937df560db251123633c
Parents: 1f6b189
Author: Chris Douglas <cd...@apache.org>
Authored: Mon Feb 12 21:07:15 2018 -0800
Committer: Chris Douglas <cd...@apache.org>
Committed: Mon Feb 12 21:07:25 2018 -0800
----------------------------------------------------------------------
.../src/test/scripts/start-build-env.bats | 102 +++++++++++++++++++
start-build-env.sh | 32 +++++-
2 files changed, 131 insertions(+), 3 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/hadoop/blob/08053c4e/hadoop-common-project/hadoop-common/src/test/scripts/start-build-env.bats
----------------------------------------------------------------------
diff --git a/hadoop-common-project/hadoop-common/src/test/scripts/start-build-env.bats b/hadoop-common-project/hadoop-common/src/test/scripts/start-build-env.bats
new file mode 100644
index 0000000..dbb14ad
--- /dev/null
+++ b/hadoop-common-project/hadoop-common/src/test/scripts/start-build-env.bats
@@ -0,0 +1,102 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+load hadoop-functions_test_helper
+
+# Mock docker command
+docker () {
+ if [ "$1" = "-v" ]; then
+ shift
+ echo Docker version ${DCKR_MOCK_VER:?}
+ elif [ "$1" = run ]; then
+ shift
+ until [ $# -eq 0 ]; do
+ if [ "$1" = -v ]; then
+ shift
+ echo "$1"|awk -F':' '{if (NF == 3 && $3 == "z")
+ printf "Mounted %s with z option.\n", $1
+ else if (NF == 2)
+ printf "Mounted %s without z option.\n", $1}'
+ fi
+ shift
+ done
+ fi
+}
+export -f docker
+export DCKR_MOCK_VER
+
+# Mock a SELinux enabled system
+enable_selinux () {
+ mkdir -p "${TMP}/bin"
+ echo true >"${TMP}/bin"/selinuxenabled
+ chmod a+x "${TMP}/bin"/selinuxenabled
+ if [ "${PATH#${TMP}/bin}" = "${PATH}" ]; then
+ PATH="${TMP}/bin":"$PATH"
+ fi
+}
+
+setup_user () {
+ if [ -z "$(printenv USER)" ]; then
+ if [ -z "$USER" ]; then
+ USER=${HOME##*/}
+ fi
+ export USER
+ fi
+}
+
+# Mock stat command as used in start-build-env.sh
+stat () {
+ if [ "$1" = --printf='%C' -a $# -eq 2 ]; then
+ printf 'mock_u:mock_r:mock_t:s0'
+ else
+ command stat "$@"
+ fi
+}
+export -f stat
+
+# Verify that host directories get mounted without z option
+# and INFO messages get printed out
+@test "start-build-env.sh (Docker without z mount option)" {
+ if [ "$(uname -s)" != "Linux" ]; then
+ skip "Not on Linux platform"
+ fi
+ enable_selinux
+ setup_user
+ DCKR_MOCK_VER=1.4
+ run "${BATS_TEST_DIRNAME}/../../../../../start-build-env.sh"
+ [ "$status" -eq 0 ]
+ [[ ${lines[0]} == "INFO: SELinux is enabled." ]]
+ [[ ${lines[1]} =~ \
+ "Mounted ".*" may not be accessible to the container." ]]
+ [[ ${lines[2]} == \
+ "INFO: If so, on the host, run the following command:" ]]
+ [[ ${lines[3]} =~ "# chcon -Rt svirt_sandbox_file_t " ]]
+ [[ ${lines[-2]} =~ "Mounted ".*" without z option." ]]
+ [[ ${lines[-1]} =~ "Mounted ".*" without z option." ]]
+}
+
+# Verify that host directories get mounted with z option
+@test "start-build-env.sh (Docker with z mount option)" {
+ if [ "$(uname -s)" != "Linux" ]; then
+ skip "Not on Linux platform"
+ fi
+ enable_selinux
+ setup_user
+ DCKR_MOCK_VER=1.7
+ run "${BATS_TEST_DIRNAME}/../../../../../start-build-env.sh"
+ [ "$status" -eq 0 ]
+ [[ ${lines[-2]} =~ "Mounted ".*" with z option." ]]
+ [[ ${lines[-1]} =~ "Mounted ".*" with z option." ]]
+}
http://git-wip-us.apache.org/repos/asf/hadoop/blob/08053c4e/start-build-env.sh
----------------------------------------------------------------------
diff --git a/start-build-env.sh b/start-build-env.sh
index 5a18151..4da55af 100755
--- a/start-build-env.sh
+++ b/start-build-env.sh
@@ -21,10 +21,36 @@ cd "$(dirname "$0")" # connect to root
docker build -t hadoop-build dev-support/docker
-if [ "$(uname -s)" == "Linux" ]; then
+if [ "$(uname -s)" = "Linux" ]; then
USER_NAME=${SUDO_USER:=$USER}
USER_ID=$(id -u "${USER_NAME}")
GROUP_ID=$(id -g "${USER_NAME}")
+ # man docker-run
+ # When using SELinux, mounted directories may not be accessible
+ # to the container. To work around this, with Docker prior to 1.7
+ # one needs to run the "chcon -Rt svirt_sandbox_file_t" command on
+ # the directories. With Docker 1.7 and later the z mount option
+ # does this automatically.
+ if command -v selinuxenabled >/dev/null && selinuxenabled; then
+ DCKR_VER=$(docker -v|
+ awk '$1 == "Docker" && $2 == "version" {split($3,ver,".");print ver[1]"."ver[2]}')
+ DCKR_MAJ=${DCKR_VER%.*}
+ DCKR_MIN=${DCKR_VER#*.}
+ if [ "${DCKR_MAJ}" -eq 1 ] && [ "${DCKR_MIN}" -ge 7 ] ||
+ [ "${DCKR_MAJ}" -gt 1 ]; then
+ V_OPTS=:z
+ else
+ for d in "${PWD}" "${HOME}/.m2"; do
+ ctx=$(stat --printf='%C' "$d"|cut -d':' -f3)
+ if [ "$ctx" != svirt_sandbox_file_t ] && [ "$ctx" != container_file_t ]; then
+ printf 'INFO: SELinux is enabled.\n'
+ printf '\tMounted %s may not be accessible to the container.\n' "$d"
+ printf 'INFO: If so, on the host, run the following command:\n'
+ printf '\t# chcon -Rt svirt_sandbox_file_t %s\n' "$d"
+ fi
+ done
+ fi
+ fi
else # boot2docker uid and gid
USER_NAME=$USER
USER_ID=1000
@@ -45,8 +71,8 @@ UserSpecificDocker
# system. And this also is a significant speedup in subsequent
# builds because the dependencies are downloaded only once.
docker run --rm=true -t -i \
- -v "${PWD}:/home/${USER_NAME}/hadoop" \
+ -v "${PWD}:/home/${USER_NAME}/hadoop${V_OPTS:-}" \
-w "/home/${USER_NAME}/hadoop" \
- -v "${HOME}/.m2:/home/${USER_NAME}/.m2" \
+ -v "${HOME}/.m2:/home/${USER_NAME}/.m2${V_OPTS:-}" \
-u "${USER_NAME}" \
"hadoop-build-${USER_ID}"
---------------------------------------------------------------------
To unsubscribe, e-mail: common-commits-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-commits-help@hadoop.apache.org
[2/4] hadoop git commit: Revert "HADOOP-15195. With SELinux enabled,
directories mounted with start-build-env.sh may not be accessible.
Contributed by Grigori Rybkine"
Posted by cd...@apache.org.
Revert "HADOOP-15195. With SELinux enabled, directories mounted with start-build-env.sh may not be accessible. Contributed by Grigori Rybkine"
This reverts commit d51e4affbacad720793a42794aa16343a4e36a66.
Project: http://git-wip-us.apache.org/repos/asf/hadoop/repo
Commit: http://git-wip-us.apache.org/repos/asf/hadoop/commit/1f6b1894
Tree: http://git-wip-us.apache.org/repos/asf/hadoop/tree/1f6b1894
Diff: http://git-wip-us.apache.org/repos/asf/hadoop/diff/1f6b1894
Branch: refs/heads/branch-3.1
Commit: 1f6b1894fcfe2f83a01282a9f2d7a5b327db2182
Parents: d51e4af
Author: Chris Douglas <cd...@apache.org>
Authored: Mon Feb 12 21:06:21 2018 -0800
Committer: Chris Douglas <cd...@apache.org>
Committed: Mon Feb 12 21:06:21 2018 -0800
----------------------------------------------------------------------
.../src/test/scripts/start-build-env.bats | 102 -------------------
start-build-env.sh | 32 +-----
2 files changed, 3 insertions(+), 131 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/hadoop/blob/1f6b1894/hadoop-common-project/hadoop-common/src/test/scripts/start-build-env.bats
----------------------------------------------------------------------
diff --git a/hadoop-common-project/hadoop-common/src/test/scripts/start-build-env.bats b/hadoop-common-project/hadoop-common/src/test/scripts/start-build-env.bats
deleted file mode 100644
index 0c32bcf..0000000
--- a/hadoop-common-project/hadoop-common/src/test/scripts/start-build-env.bats
+++ /dev/null
@@ -1,102 +0,0 @@
-# Licensed to the Apache Software Foundation (ASF) under one or more
-# contributor license agreements. See the NOTICE file distributed with
-# this work for additional information regarding copyright ownership.
-# The ASF licenses this file to You under the Apache License, Version 2.0
-# (the "License"); you may not use this file except in compliance with
-# the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-load hadoop-functions_test_helper
-
-# Mock docker command
-docker () {
- if [ "$1" = "-v" ]; then
- shift
- echo Docker version ${DCKR_MOCK_VER:?}
- elif [ "$1" = run ]; then
- shift
- until [ $# -eq 0 ]; do
- if [ "$1" = -v ]; then
- shift
- echo "$1"|awk -F':' '{if (NF == 3 && $3 == "z")
- printf "Mounted %s with %s option.\n", $1, $3
- else if (NF == 2)
- printf "Mounted %s without %s option.\n", $1, "z"}'
- fi
- shift
- done
- fi
-}
-export -f docker
-export DCKR_MOCK_VER
-
-# Mock a SELinux enabled system
-enable_selinux () {
- mkdir -p "${TMP}/bin"
- echo true >"${TMP}/bin"/selinuxenabled
- chmod a+x "${TMP}/bin"/selinuxenabled
- if [ "${PATH#${TMP}/bin}" = "${PATH}" ]; then
- PATH="${TMP}/bin":"$PATH"
- fi
-}
-
-setup_user () {
- if [ -z "$(printenv USER)" ]; then
- if [ -z "$USER" ]; then
- USER=${HOME##*/}
- fi
- export USER
- fi
-}
-
-# Mock stat command as used in start-build-env.sh
-stat () {
- if [ "$1" = --printf='%C' -a $# -eq 2 ]; then
- printf 'mock_u:mock_r:mock_t:s0'
- else
- command stat "$@"
- fi
-}
-export -f stat
-
-# Verify that host directories get mounted without z option
-# and INFO messages get printed out
-@test "start-build-env.sh (Docker without z mount option)" {
- if [ "$(uname -s)" != "Linux" ]; then
- skip "Not on Linux platform"
- fi
- enable_selinux
- setup_user
- DCKR_MOCK_VER=1.4
- run "${BATS_TEST_DIRNAME}/../../../../../start-build-env.sh"
- [ "$status" -eq 0 ]
- [[ ${lines[0]} == "INFO: SELinux policy is enforced." ]]
- [[ ${lines[1]} =~ \
- "Mounted ".*" may not be accessible to the container." ]]
- [[ ${lines[2]} == \
- "INFO: If so, on the host, run the following command:" ]]
- [[ ${lines[3]} =~ "# chcon -Rt svirt_sandbox_file_t " ]]
- [[ ${lines[-2]} =~ "Mounted ".*" without z option." ]]
- [[ ${lines[-1]} =~ "Mounted ".*" without z option." ]]
-}
-
-# Verify that host directories get mounted with z option
-@test "start-build-env.sh (Docker with z mount option)" {
- if [ "$(uname -s)" != "Linux" ]; then
- skip "Not on Linux platform"
- fi
- enable_selinux
- setup_user
- DCKR_MOCK_VER=1.7
- run "${BATS_TEST_DIRNAME}/../../../../../start-build-env.sh"
- [ "$status" -eq 0 ]
- [[ ${lines[-2]} =~ "Mounted ".*" with z option." ]]
- [[ ${lines[-1]} =~ "Mounted ".*" with z option." ]]
-}
http://git-wip-us.apache.org/repos/asf/hadoop/blob/1f6b1894/start-build-env.sh
----------------------------------------------------------------------
diff --git a/start-build-env.sh b/start-build-env.sh
index 60efea5..5a18151 100755
--- a/start-build-env.sh
+++ b/start-build-env.sh
@@ -21,36 +21,10 @@ cd "$(dirname "$0")" # connect to root
docker build -t hadoop-build dev-support/docker
-if [ "$(uname -s)" = "Linux" ]; then
+if [ "$(uname -s)" == "Linux" ]; then
USER_NAME=${SUDO_USER:=$USER}
USER_ID=$(id -u "${USER_NAME}")
GROUP_ID=$(id -g "${USER_NAME}")
- # man docker-run
- # When using SELinux, mounted directories may not be accessible
- # to the container. To work around this, with Docker prior to 1.7
- # one needs to run the "chcon -Rt svirt_sandbox_file_t" command on
- # the directories. With Docker 1.7 and later the z mount option
- # does this automatically.
- if command -v selinuxenabled >/dev/null && selinuxenabled; then
- DCKR_VER=$(docker -v|awk '$1 == "Docker" && $2 == "version"\
- {split($3,ver,".");print ver[1]"."ver[2]}')
- DCKR_MAJ=${DCKR_VER%.*}
- DCKR_MIN=${DCKR_VER#*.}
- if [ "${DCKR_MAJ}" -eq 1 ] && [ "${DCKR_MIN}" -ge 7 ] ||
- [ "${DCKR_MAJ}" -gt 1 ]; then
- V_OPTS=:z
- else
- for d in "${PWD}" "${HOME}/.m2"; do
- ctx=$(stat --printf='%C' "$d"|cut -d':' -f3)
- if [ "$ctx" != svirt_sandbox_file_t ] && [ "$ctx" != container_file_t ]; then
- printf 'INFO: SELinux policy is enforced.\n'
- printf '\tMounted %s may not be accessible to the container.\n' "$d"
- printf 'INFO: If so, on the host, run the following command:\n'
- printf '\t# chcon -Rt svirt_sandbox_file_t %s\n' "$d"
- fi
- done
- fi
- fi
else # boot2docker uid and gid
USER_NAME=$USER
USER_ID=1000
@@ -71,8 +45,8 @@ UserSpecificDocker
# system. And this also is a significant speedup in subsequent
# builds because the dependencies are downloaded only once.
docker run --rm=true -t -i \
- -v "${PWD}:/home/${USER_NAME}/hadoop${V_OPTS:-}" \
+ -v "${PWD}:/home/${USER_NAME}/hadoop" \
-w "/home/${USER_NAME}/hadoop" \
- -v "${HOME}/.m2:/home/${USER_NAME}/.m2${V_OPTS:-}" \
+ -v "${HOME}/.m2:/home/${USER_NAME}/.m2" \
-u "${USER_NAME}" \
"hadoop-build-${USER_ID}"
---------------------------------------------------------------------
To unsubscribe, e-mail: common-commits-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-commits-help@hadoop.apache.org
[3/4] hadoop git commit: HADOOP-15195. With SELinux enabled,
directories mounted with start-build-env.sh may not be accessible.
Contributed by Grigori Rybkine
Posted by cd...@apache.org.
HADOOP-15195. With SELinux enabled, directories mounted with start-build-env.sh may not be accessible. Contributed by Grigori Rybkine
Project: http://git-wip-us.apache.org/repos/asf/hadoop/repo
Commit: http://git-wip-us.apache.org/repos/asf/hadoop/commit/0c5d7d71
Tree: http://git-wip-us.apache.org/repos/asf/hadoop/tree/0c5d7d71
Diff: http://git-wip-us.apache.org/repos/asf/hadoop/diff/0c5d7d71
Branch: refs/heads/trunk
Commit: 0c5d7d71a80bccd4ad7eab269d0727b999606a7e
Parents: 9cc6d1d
Author: Chris Douglas <cd...@apache.org>
Authored: Mon Feb 12 21:07:15 2018 -0800
Committer: Chris Douglas <cd...@apache.org>
Committed: Mon Feb 12 21:07:15 2018 -0800
----------------------------------------------------------------------
.../src/test/scripts/start-build-env.bats | 102 +++++++++++++++++++
start-build-env.sh | 32 +++++-
2 files changed, 131 insertions(+), 3 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/hadoop/blob/0c5d7d71/hadoop-common-project/hadoop-common/src/test/scripts/start-build-env.bats
----------------------------------------------------------------------
diff --git a/hadoop-common-project/hadoop-common/src/test/scripts/start-build-env.bats b/hadoop-common-project/hadoop-common/src/test/scripts/start-build-env.bats
new file mode 100644
index 0000000..dbb14ad
--- /dev/null
+++ b/hadoop-common-project/hadoop-common/src/test/scripts/start-build-env.bats
@@ -0,0 +1,102 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+load hadoop-functions_test_helper
+
+# Mock docker command
+docker () {
+ if [ "$1" = "-v" ]; then
+ shift
+ echo Docker version ${DCKR_MOCK_VER:?}
+ elif [ "$1" = run ]; then
+ shift
+ until [ $# -eq 0 ]; do
+ if [ "$1" = -v ]; then
+ shift
+ echo "$1"|awk -F':' '{if (NF == 3 && $3 == "z")
+ printf "Mounted %s with z option.\n", $1
+ else if (NF == 2)
+ printf "Mounted %s without z option.\n", $1}'
+ fi
+ shift
+ done
+ fi
+}
+export -f docker
+export DCKR_MOCK_VER
+
+# Mock a SELinux enabled system
+enable_selinux () {
+ mkdir -p "${TMP}/bin"
+ echo true >"${TMP}/bin"/selinuxenabled
+ chmod a+x "${TMP}/bin"/selinuxenabled
+ if [ "${PATH#${TMP}/bin}" = "${PATH}" ]; then
+ PATH="${TMP}/bin":"$PATH"
+ fi
+}
+
+setup_user () {
+ if [ -z "$(printenv USER)" ]; then
+ if [ -z "$USER" ]; then
+ USER=${HOME##*/}
+ fi
+ export USER
+ fi
+}
+
+# Mock stat command as used in start-build-env.sh
+stat () {
+ if [ "$1" = --printf='%C' -a $# -eq 2 ]; then
+ printf 'mock_u:mock_r:mock_t:s0'
+ else
+ command stat "$@"
+ fi
+}
+export -f stat
+
+# Verify that host directories get mounted without z option
+# and INFO messages get printed out
+@test "start-build-env.sh (Docker without z mount option)" {
+ if [ "$(uname -s)" != "Linux" ]; then
+ skip "Not on Linux platform"
+ fi
+ enable_selinux
+ setup_user
+ DCKR_MOCK_VER=1.4
+ run "${BATS_TEST_DIRNAME}/../../../../../start-build-env.sh"
+ [ "$status" -eq 0 ]
+ [[ ${lines[0]} == "INFO: SELinux is enabled." ]]
+ [[ ${lines[1]} =~ \
+ "Mounted ".*" may not be accessible to the container." ]]
+ [[ ${lines[2]} == \
+ "INFO: If so, on the host, run the following command:" ]]
+ [[ ${lines[3]} =~ "# chcon -Rt svirt_sandbox_file_t " ]]
+ [[ ${lines[-2]} =~ "Mounted ".*" without z option." ]]
+ [[ ${lines[-1]} =~ "Mounted ".*" without z option." ]]
+}
+
+# Verify that host directories get mounted with z option
+@test "start-build-env.sh (Docker with z mount option)" {
+ if [ "$(uname -s)" != "Linux" ]; then
+ skip "Not on Linux platform"
+ fi
+ enable_selinux
+ setup_user
+ DCKR_MOCK_VER=1.7
+ run "${BATS_TEST_DIRNAME}/../../../../../start-build-env.sh"
+ [ "$status" -eq 0 ]
+ [[ ${lines[-2]} =~ "Mounted ".*" with z option." ]]
+ [[ ${lines[-1]} =~ "Mounted ".*" with z option." ]]
+}
http://git-wip-us.apache.org/repos/asf/hadoop/blob/0c5d7d71/start-build-env.sh
----------------------------------------------------------------------
diff --git a/start-build-env.sh b/start-build-env.sh
index 5a18151..4da55af 100755
--- a/start-build-env.sh
+++ b/start-build-env.sh
@@ -21,10 +21,36 @@ cd "$(dirname "$0")" # connect to root
docker build -t hadoop-build dev-support/docker
-if [ "$(uname -s)" == "Linux" ]; then
+if [ "$(uname -s)" = "Linux" ]; then
USER_NAME=${SUDO_USER:=$USER}
USER_ID=$(id -u "${USER_NAME}")
GROUP_ID=$(id -g "${USER_NAME}")
+ # man docker-run
+ # When using SELinux, mounted directories may not be accessible
+ # to the container. To work around this, with Docker prior to 1.7
+ # one needs to run the "chcon -Rt svirt_sandbox_file_t" command on
+ # the directories. With Docker 1.7 and later the z mount option
+ # does this automatically.
+ if command -v selinuxenabled >/dev/null && selinuxenabled; then
+ DCKR_VER=$(docker -v|
+ awk '$1 == "Docker" && $2 == "version" {split($3,ver,".");print ver[1]"."ver[2]}')
+ DCKR_MAJ=${DCKR_VER%.*}
+ DCKR_MIN=${DCKR_VER#*.}
+ if [ "${DCKR_MAJ}" -eq 1 ] && [ "${DCKR_MIN}" -ge 7 ] ||
+ [ "${DCKR_MAJ}" -gt 1 ]; then
+ V_OPTS=:z
+ else
+ for d in "${PWD}" "${HOME}/.m2"; do
+ ctx=$(stat --printf='%C' "$d"|cut -d':' -f3)
+ if [ "$ctx" != svirt_sandbox_file_t ] && [ "$ctx" != container_file_t ]; then
+ printf 'INFO: SELinux is enabled.\n'
+ printf '\tMounted %s may not be accessible to the container.\n' "$d"
+ printf 'INFO: If so, on the host, run the following command:\n'
+ printf '\t# chcon -Rt svirt_sandbox_file_t %s\n' "$d"
+ fi
+ done
+ fi
+ fi
else # boot2docker uid and gid
USER_NAME=$USER
USER_ID=1000
@@ -45,8 +71,8 @@ UserSpecificDocker
# system. And this also is a significant speedup in subsequent
# builds because the dependencies are downloaded only once.
docker run --rm=true -t -i \
- -v "${PWD}:/home/${USER_NAME}/hadoop" \
+ -v "${PWD}:/home/${USER_NAME}/hadoop${V_OPTS:-}" \
-w "/home/${USER_NAME}/hadoop" \
- -v "${HOME}/.m2:/home/${USER_NAME}/.m2" \
+ -v "${HOME}/.m2:/home/${USER_NAME}/.m2${V_OPTS:-}" \
-u "${USER_NAME}" \
"hadoop-build-${USER_ID}"
---------------------------------------------------------------------
To unsubscribe, e-mail: common-commits-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-commits-help@hadoop.apache.org