[
https://issues.apache.org/jira/browse/HDDS-1712?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16889252#comment-16889252
]
Eric Yang commented on HDDS-1712:
---------------------------------
[~elek] HDDS-1712.001.hadoop-docker-ozone.patch and HDDS-1712.002.patch should
remove sudo together to make the Ozone-runner image less powerful.
I can only get 33 out of 110 test cases to pass on my own test machine without the
patch.
When the patch is applied, the same result appears in the smoke test report.
I don't have an s3 account to validate if the s3 test cases would pass. Please help
with the verification. Thanks.
> Remove sudo access from Ozone docker image
> ------------------------------------------
>
> Key: HDDS-1712
> URL: https://issues.apache.org/jira/browse/HDDS-1712
> Project: Hadoop Distributed Data Store
> Issue Type: Bug
> Reporter: Eric Yang
> Assignee: Eric Yang
> Priority: Major
> Labels: pull-request-available
> Attachments: HDDS-1712.001.hadoop-docker-ozone.patch,
> HDDS-1712.001.patch, HDDS-1712.002.patch
>
> Time Spent: 0.5h
> Remaining Estimate: 0h
>
> Ozone docker image is given unlimited sudo access to hadoop user. This poses
> a security risk where host level user uid 1000 can attach a debugger to the
> container process to obtain root access.
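One way to confirm that an image no longer carries the grant described in the issue is to audit its sudoers content for entries that may run ALL commands. This is an added example, not code from the HDDS-1712 patches; the sample sudoers text and the function names are constructed for illustration.

```python
import re

# Constructed sudoers text for illustration; not copied from the Ozone image.
SAMPLE_BEFORE = """\
# constructed sample
Defaults env_reset
root ALL=(ALL) ALL
hadoop ALL=(ALL) NOPASSWD: ALL
%wheel ALL=(ALL) \\
    ALL
"""
SAMPLE_AFTER = """\
Defaults env_reset
root ALL=(ALL) ALL
"""

SPEC = re.compile(r"^(\S+)\s+[^=]+=\s*(.*)$")


def logical_lines(text):
    """Join backslash continuations and drop comments.

    Simplification: everything after '#' is discarded, so '#include' files
    and '#uid' user names are not handled and must be audited separately.
    """
    buf = ""
    for raw in text.splitlines():
        line = buf + raw
        if line.endswith("\\"):
            buf = line[:-1] + " "
            continue
        buf = ""
        line = line.split("#", 1)[0].strip()
        if line:
            yield line


def unrestricted_grants(text, ignore=("root",)):
    """Return (who, nopasswd) for each entry allowed to run ALL commands."""
    found = []
    for line in logical_lines(text):
        m = SPEC.match(line)
        if not m or line.startswith("Defaults") or m.group(1).endswith("_Alias"):
            continue
        who, rest = m.groups()
        nopasswd = re.search(r"\bNOPASSWD\s*:", rest) is not None
        rest = re.sub(r"\([^)]*\)", " ", rest)      # drop Runas lists
        rest = re.sub(r"\b[A-Z_]+\s*:", " ", rest)  # drop tags such as NOPASSWD:
        commands = [c.strip() for c in rest.split(",")]
        if "ALL" in commands and who not in ignore:
            found.append((who, nopasswd))
    return found
```

Feed it the contents of `/etc/sudoers` and each file under `/etc/sudoers.d/` taken from the image; an empty result for the patched image means no non-root entry is granted every command.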