[jira] [Resolved] (YARN-2480) DockerContainerExecutor must support user namespaces

Haibo Chen (JIRA) Wed, 28 Mar 2018 09:54:23 -0700

     [ 
https://issues.apache.org/jira/browse/YARN-2480?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Haibo Chen resolved YARN-2480.
------------------------------
    Resolution: Won't Fix

Closing this as DockerContainerExecutor has been deprecated in branch-2 and 
removed in trunk

> DockerContainerExecutor must support user namespaces
> ----------------------------------------------------
>
>                 Key: YARN-2480
>                 URL: https://issues.apache.org/jira/browse/YARN-2480
>             Project: Hadoop YARN
>          Issue Type: New Feature
>            Reporter: Abin Shahab
>            Priority: Major
>              Labels: security
>
> When DockerContainerExector launches a container, the root inside that 
> container has root privileges on the host. 
> This is insecure in a mult-tenant environment. The uid of the container's 
> root user must be mapped to a non-privileged user on the host.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: yarn-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: yarn-issues-h...@hadoop.apache.org

[jira] [Resolved] (YARN-2480) DockerContainerExecutor must support user namespaces

Reply via email to