[
https://issues.apache.org/jira/browse/HDDS-1712?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16886332#comment-16886332
]
Eric Yang commented on HDDS-1712:
---------------------------------
[~elek]
{quote}Definitely not. This patch breaks something which works currently. If
some of the mentioned points makes harder to post a proper, fully functional
patch, please fix that issue in advance . Thanks a lot.{quote}
This is quite disappointing. Two branches arrangement makes it not possible to
provide fully functional patch upfront. The docker image must be committed,
and produced a version, then the sequent patch can reference to the docker
image. It is not possible to provide a fully functional patches, unless a
commit and build tag has been made.
In your own code change, you have done exactly this in HDDS-1799. You are
committing pull request 4 without a fully functional pull request 1105. If you
give yourself a lower standard because you are in control of the source code.
Why do you ask higher standard from others? You should not use the double
standard on others if you can not meet your own terms.
I will provide a second patch for review, but it will not be the exact code to
be commit because of the two phase commit issues in current code structure.
Would you be open to 99% functional patch for the second patch?
{quote}I am not sure about kubernetes. Can you please prove this statement (for
kubernetes).{quote}
{code}$ pwd
/home/eyang/test/hadoop/hadoop-ozone/dist/src/main/k8s/examples
[eyang@localhost examples]$ grep -R CORE-SITE *
[eyang@localhost examples]${code}
How does Kubernetes test work, if core-site.xml contain no configuration?
Please educate me the process of config files to be generated for Kubernetes.
> Remove sudo access from Ozone docker image
> ------------------------------------------
>
> Key: HDDS-1712
> URL: https://issues.apache.org/jira/browse/HDDS-1712
> Project: Hadoop Distributed Data Store
> Issue Type: Bug
> Reporter: Eric Yang
> Assignee: Eric Yang
> Priority: Major
> Labels: pull-request-available
> Attachments: HDDS-1712.001.patch
>
> Time Spent: 0.5h
> Remaining Estimate: 0h
>
> Ozone docker image is given unlimited sudo access to hadoop user. This poses
> a security risk where host level user uid 1000 can attach a debugger to the
> container process to obtain root access.
--
This message was sent by Atlassian JIRA
(v7.6.14#76016)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
