[jira] [Created] (YARN-7960) Add no-new-privileges flag to docker run

Eric Badger (JIRA) Thu, 22 Feb 2018 08:04:11 -0800

Eric Badger created YARN-7960:
---------------------------------

             Summary: Add no-new-privileges flag to docker run
                 Key: YARN-7960
                 URL: https://issues.apache.org/jira/browse/YARN-7960
             Project: Hadoop YARN
          Issue Type: Sub-task
            Reporter: Eric Badger



Minimally, this should be used for unprivileged containers. It's a cheap way to 
add an extra layer of security to the docker model. For privileged containers, 
it might be appropriate to omit this flag

https://github.com/moby/moby/pull/20727



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: yarn-dev-unsubscr...@hadoop.apache.org
For additional commands, e-mail: yarn-dev-h...@hadoop.apache.org

[jira] [Created] (YARN-7960) Add no-new-privileges flag to docker run

Reply via email to