[
https://issues.apache.org/jira/browse/YARN-7516?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Eric Yang updated YARN-7516:
Attachment: YARN-7516.015.patch
> Security check for untrusted docker image
> ---
[
https://issues.apache.org/jira/browse/YARN-7516?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Eric Yang updated YARN-7516:
Attachment: YARN-7516.014.patch
> Security check for untrusted docker image
> ---
[
https://issues.apache.org/jira/browse/YARN-7516?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Eric Yang updated YARN-7516:
Attachment: YARN-7516.013.patch
> Security check for untrusted docker image
> ---
[
https://issues.apache.org/jira/browse/YARN-7516?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Eric Yang updated YARN-7516:
Attachment: YARN-7516.012.patch
> Security check for untrusted docker image
> ---
[
https://issues.apache.org/jira/browse/YARN-7516?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Eric Yang updated YARN-7516:
Attachment: YARN-7516.011.patch
> Security check for untrusted docker image
> ---
[
https://issues.apache.org/jira/browse/YARN-7516?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Eric Yang updated YARN-7516:
Attachment: YARN-7516.010.patch
> Security check for untrusted docker image
> ---
[
https://issues.apache.org/jira/browse/YARN-7516?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Eric Yang updated YARN-7516:
Attachment: YARN-7516.009.patch
- Clean up how trusted image is checked.
- Disable ability to set_capabilitie
[
https://issues.apache.org/jira/browse/YARN-7516?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Eric Yang updated YARN-7516:
Attachment: YARN-7516.008.patch
[~ebadger] Thanks for the review. Patch 008 will disable set_privileged for
[
https://issues.apache.org/jira/browse/YARN-7516?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Eric Yang updated YARN-7516:
Attachment: YARN-7516.007.patch
[~ebadger] Good catch on C99 restriction. Patch 007 removed usage of boolean
[
https://issues.apache.org/jira/browse/YARN-7516?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Eric Yang updated YARN-7516:
Attachment: YARN-7516.006.patch
- Change variable name to privileged_registry.
- Improved registry name detec
[
https://issues.apache.org/jira/browse/YARN-7516?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Eric Yang updated YARN-7516:
Attachment: YARN-7516.005.patch
- Moved validation to container-executor.
> Security check for untrusted doc
[
https://issues.apache.org/jira/browse/YARN-7516?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Eric Yang updated YARN-7516:
Attachment: YARN-7516.004.patch
[~ebadger] Patch applies. The rebased patch is attached in 004.
> Security
[
https://issues.apache.org/jira/browse/YARN-7516?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Eric Yang updated YARN-7516:
Attachment: YARN-7516.003.patch
- Fix checkstyle warnings.
- Findbug issue is not introduced by this patch.
[
https://issues.apache.org/jira/browse/YARN-7516?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Eric Yang updated YARN-7516:
Attachment: YARN-7516.002.patch
- Updated configuration in site document.
> Security check for untrusted doc
[
https://issues.apache.org/jira/browse/YARN-7516?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Eric Yang updated YARN-7516:
Attachment: YARN-7516.001.patch
- Added check for docker private registry.
- Prevent mounting for public imag
[
https://issues.apache.org/jira/browse/YARN-7516?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Eric Badger updated YARN-7516:
--
Issue Type: Sub-task (was: Improvement)
Parent: YARN-3611
> Security check for untrusted docker
[
https://issues.apache.org/jira/browse/YARN-7516?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Eric Yang updated YARN-7516:
Description:
Hadoop YARN Services can support using private docker registry image or docker
image from docke
17 matches
Mail list logo