Eric Yang created YARN-7221:
-------------------------------
Summary: Add security check for privileged docker container
Key: YARN-7221
URL: https://issues.apache.org/jira/browse/YARN-7221
Project: Hadoop YARN
Issue Type: Sub-task
Reporter: Eric Yang
When a docker is running with privileges, majority of the use case is to have
some program running with root then drop privileges to another user. i.e.
httpd to start with privileged and bind to port 80, then drop privileges to www
user.
# We should add security check for submitting users, to verify they have "sudo"
access to run privileged container.
# We should remove --user=uid:gid for privileged containers.
Docker can be launched with --privileged=true, and --user=uid:gid flag. With
this parameter combinations, user will not have access to become root user.
All docker exec command will be drop to uid:gid user to run instead of granting
privileges. User can gain root privileges if container file system contains
files that give user extra power, but this type of image is considered as
dangerous. Non-privileged user can launch container with special bits to
acquire same level of root power. Hence, we lose control of which image should
be run with --privileges, and who have sudo rights to use privileged container
images. As the result, we should check for sudo access then decide to
parameterize --privileged=true OR --user=uid:gid. This will avoid leading
developer down the wrong path.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
