Eric Yang created YARN-7446:
-------------------------------

             Summary: Docker container privileged mode and --user flag contradict each other
                 Key: YARN-7446
                 URL: https://issues.apache.org/jira/browse/YARN-7446
             Project: Hadoop YARN
          Issue Type: Bug
    Affects Versions: 3.0.0
            Reporter: Eric Yang


In the current implementation, when privileged=true, the --user flag is also passed 
to docker for launching the container.  In reality, the container has no way to use 
root privileges unless there is a sticky bit or sudoers in the image for the 
specified user to gain privileges again.  To avoid the duplication of dropping and 
reacquiring root privileges, we can reduce the duplication of specifying both 
flags.  When privileged mode is enabled, the --user flag should be omitted.  When 
non-privileged mode is enabled, the --user flag is supplied.


