[jira] [Commented] (HDDS-1712) Remove sudo access from Ozone docker image

Tue, 16 Jul 2019 15:33:21 -0700 


    [ 
https://issues.apache.org/jira/browse/HDDS-1712?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16886519#comment-16886519
 ] 

Anu Engineer commented on HDDS-1712:
------------------------------------

This whole discussion is pointless. Here is why. The images are like 
documentation. They are examples. We don't release them to any one. They are 
like binary artifacts. We cannot in good faith start supporting docker images 
as first class objects of Ozone releases.

 

There are too many combinations:
 # OS - Which flavor of linux should I use ?
 # JVM  - We ship with JVM 11, I am not sure if Hadoop even formally has 
finished a run with JVM.
 # All the other applications like profiler, debuggers etc. etc.

realistically, we should add comment into the docker files saying this is an 
example, and get away from the completely point less discussion.

 

Once again, Apache does not release binary artifacts, so spending too much time 
on this line of developement is not productive and few weeks later someone will 
have a different opinion. Like why are we not using JVM 12.. This is a 
non-ending, fertile for trolling kind of JIRA.

 

We already have documentation that docker images are examples and we should 
just stick to that.

 

Thanks

Anu

 

> Remove sudo access from Ozone docker image
> ------------------------------------------
>
>                 Key: HDDS-1712
>                 URL: https://issues.apache.org/jira/browse/HDDS-1712
>             Project: Hadoop Distributed Data Store
>          Issue Type: Bug
>            Reporter: Eric Yang
>            Assignee: Eric Yang
>            Priority: Major
>              Labels: pull-request-available
>         Attachments: HDDS-1712.001.patch
>
>          Time Spent: 0.5h
>  Remaining Estimate: 0h
>
> Ozone docker image is given unlimited sudo access to hadoop user.  This poses 
> a security risk where host level user uid 1000 can attach a debugger to the 
> container process to obtain root access.



--
This message was sent by Atlassian JIRA
(v7.6.14#76016)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to