Sidharta Seethana updated YARN-4262:
    Attachment: YARN-4262.001.patch

Uploading a patch to allow admins to run privileged containers. This patch has 
a dependency on YARN-4258 without which it will not compile. For the time 
being, I have included changes for YARN-4258 in this patch. I'll upload a new 
version once YARN-4258 completes its review cycle. 

[~vvasudev], could you please give this patch a look? Thank you.

> Allow admins to run privileged docker containers. 
> --------------------------------------------------
>                 Key: YARN-4262
>                 URL: https://issues.apache.org/jira/browse/YARN-4262
>             Project: Hadoop YARN
>          Issue Type: Sub-task
>          Components: yarn
>            Reporter: Sidharta Seethana
>            Assignee: Sidharta Seethana
>         Attachments: YARN-4262.001.patch
> There are scenarios where privileged containers are necessary in order to run 
> certain kinds of applications (one example is trying to run postresql/oracle 
> inside containers). However, given the security implications, we should 
> ensure that : 
> 1) privileged containers are disabled by default, even for admins 
> 2) if enabled, only admins should be allowed to launch such containers and 
> 3) Not all containers launched by admin users need to be privileged 
> containers : admin users need to explicitly request that a privileged 
> container be launched.

This message was sent by Atlassian JIRA

Reply via email to