Abin Shahab created YARN-2480:
---------------------------------
Summary: DockerContainerExecutor must support user namespaces
Key: YARN-2480
URL: https://issues.apache.org/jira/browse/YARN-2480
Project: Hadoop YARN
Issue Type: New Feature
Reporter: Abin Shahab
When DockerContainerExector launches a container, the root inside that
container has root privileges on the host.
This is insecure in a mult-tenant environment. The uid of the container's root
user must be mapped to a non-privileged user on the host.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
