Abin Shahab created YARN-2480: --------------------------------- Summary: DockerContainerExecutor must support user namespaces Key: YARN-2480 URL: https://issues.apache.org/jira/browse/YARN-2480 Project: Hadoop YARN Issue Type: New Feature Reporter: Abin Shahab
When DockerContainerExector launches a container, the root inside that container has root privileges on the host. This is insecure in a mult-tenant environment. The uid of the container's root user must be mapped to a non-privileged user on the host. -- This message was sent by Atlassian JIRA (v6.2#6252)