[ https://issues.apache.org/jira/browse/YARN-8376?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16789996#comment-16789996 ]
Eric Yang commented on YARN-8376:
---------------------------------
[~ebadger] {quote}if you're trusting an image to be run as privileged, it is
implied that you would also trust it to be run as non-privileged.{quote}
If docker.privileged-containers.registries is a superset, a user might be granted
access to secrets or setuid binaries by accident that he might not have access
to otherwise. Explicitly defining both lists provides more fine-grained
shielding to prevent access to unauthorized content. Between necessity and
ease of use, I think we have to go with explicitly defined lists in this case. If
admins want ease of use, they can define only docker.trusted.registries
without defining docker.privileged-containers.registries, which provides the same
level of security by definition of the superset approach.
{quote}Also, there needs to be a mode where you can specify for there to be no
privileged registries.{quote}
I think this is controlled by the docker.privileged-containers.enabled=true flag.
docker.privileged-containers.registries is optional for admins that prefer to
have a tighter grip of control over users' activity. The binary logic here
doesn't make things harder for admins that already have access to circumvent the
ACL lists.
> Separate white list for docker.trusted.registries and
> docker.privileged-container.registries
> --------------------------------------------------------------------------------------------
>
> Key: YARN-8376
> URL: https://issues.apache.org/jira/browse/YARN-8376
> Project: Hadoop YARN
> Issue Type: Sub-task
> Reporter: Eric Yang
> Assignee: Eric Yang
> Priority: Major
> Labels: docker
> Attachments: YARN-8376.001.patch, YARN-8376.002.patch
>
>
> In the ideal world, it would be possible to have separate white lists for
> docker registry depending on the security requirement for each type of docker
> images:
> 1. Registries from which we can run non-privileged containers without mounts
> 2. Registries from which we can run non-privileged containers with mounts
> 3. Registries from which we can run privileged or non-privileged containers
> with mounts
> In the current implementation, there are only type 1 and type 2 or 3. It
> would be nice to define a separate white list to differentiate between 2
> and 3.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
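The comment above argues that a registry should have to appear on both docker.trusted.registries and docker.privileged-containers.registries before privileged execution is allowed, rather than the privileged list implying trust. The following added example (not Hadoop's container-executor code, and not from the issue) evaluates a constructed container-executor.cfg fragment under both models so the difference is visible: the cfg keys are the ones the issue names, while the function names, the "registry is the text before the first slash" rule, and the sample cfg are this example's own assumptions.

```python
# Added illustration of the two whitelist models debated on YARN-8376.
# Not Hadoop code: the three cfg keys come from the issue, everything else
# (function names, registry-prefix rule, sample config) is assumed here.
from enum import Enum
from typing import Dict, Optional, Set


class RunMode(Enum):
    NON_PRIVILEGED = 1          # type 1 in the issue: no mounts, no privilege
    NON_PRIVILEGED_MOUNTS = 2   # type 2: bind mounts allowed
    PRIVILEGED = 3              # type 3: --privileged (mounts implied)


# Constructed sample cfg fragment (assumed ini-style layout, not from the page).
SAMPLE_CFG = """
[docker]
  docker.privileged-containers.enabled=true
  docker.trusted.registries=library,internal
  docker.privileged-containers.registries=ops
"""


def parse_docker_section(text: str) -> Dict[str, str]:
    """Return key=value pairs found in the [docker] section of an ini-style cfg."""
    values: Dict[str, str] = {}
    in_docker = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_docker = line == "[docker]"
            continue
        if in_docker and "=" in line:
            key, value = line.split("=", 1)
            values[key.strip()] = value.strip()
    return values


def registry_list(values: Dict[str, str], key: str) -> Optional[Set[str]]:
    """Comma-separated registry list, or None when the key is absent entirely."""
    if key not in values:
        return None
    return {r.strip() for r in values[key].split(",") if r.strip()}


def registry_of(image: str) -> str:
    """Assumption for this example: the registry is the text before the first '/'."""
    return image.split("/", 1)[0]


def is_allowed(values: Dict[str, str], image: str, mode: RunMode, superset: bool) -> bool:
    """Decide whether IMAGE may run in MODE under one of the two models.

    superset=False: the explicit model from the comment. Privileged execution
    needs the registry on both lists; a registry only on the privileged list
    gains nothing, so it cannot pick up mount access by accident.
    superset=True: the privileged list implies trust, so a registry listed
    only there also receives mount access.
    """
    reg = registry_of(image)
    enabled = values.get("docker.privileged-containers.enabled", "false").lower() == "true"
    trusted = registry_list(values, "docker.trusted.registries") or set()
    privileged = registry_list(values, "docker.privileged-containers.registries")

    if superset:
        trusted = trusted | (privileged or set())
    if privileged is None:
        # Ease-of-use case from the comment: with no privileged list defined,
        # the trusted list doubles as the privileged list.
        privileged = trusted

    if mode is RunMode.NON_PRIVILEGED:
        return True  # type 1 is outside the two keys discussed; assumed allowed
    if mode is RunMode.NON_PRIVILEGED_MOUNTS:
        return reg in trusted
    # PRIVILEGED: the enabled flag is the master switch, then both lists apply.
    return enabled and reg in trusted and reg in privileged


def compare_models(values: Dict[str, str], image: str, mode: RunMode) -> Dict[str, bool]:
    """Side-by-side decision for the explicit and superset models."""
    return {
        "explicit": is_allowed(values, image, mode, superset=False),
        "superset": is_allowed(values, image, mode, superset=True),
    }


if __name__ == "__main__":
    cfg = parse_docker_section(SAMPLE_CFG)
    for img in ("library/centos", "internal/app", "ops/debug-tool", "random/thing"):
        for m in RunMode:
            print(f"{img:18} {m.name:22} {compare_models(cfg, img, m)}")
```

With the sample cfg, ops/debug-tool is the interesting case: under the superset model it gets mount access (and, with the enabled flag on, privileged execution) solely because ops was listed as a privileged registry, while the explicit model refuses both because ops was never added to docker.trusted.registries. Dropping docker.privileged-containers.registries from the cfg shows the ease-of-use fallback, and setting docker.privileged-containers.enabled=false shows the flag overriding both lists.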