Eric Badger created YARN-7960:

             Summary: Add no-new-privileges flag to docker run
                 Key: YARN-7960
             Project: Hadoop YARN
          Issue Type: Sub-task
            Reporter: Eric Badger

Minimally, this should be used for unprivileged containers. It's a cheap way to 
add an extra layer of security to the docker model. For privileged containers, 
it might be appropriate to omit this flag

This message was sent by Atlassian JIRA

To unsubscribe, e-mail:
For additional commands, e-mail:

Reply via email to