[ https://issues.apache.org/jira/browse/YARN-2480?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Allen Wittenauer updated YARN-2480: ----------------------------------- Labels: security (was: ) > DockerContainerExecutor must support user namespaces > ---------------------------------------------------- > > Key: YARN-2480 > URL: https://issues.apache.org/jira/browse/YARN-2480 > Project: Hadoop YARN > Issue Type: New Feature > Reporter: Abin Shahab > Labels: security > > When DockerContainerExector launches a container, the root inside that > container has root privileges on the host. > This is insecure in a mult-tenant environment. The uid of the container's > root user must be mapped to a non-privileged user on the host. -- This message was sent by Atlassian JIRA (v6.2#6252)