[
https://issues.apache.org/jira/browse/YARN-4262?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Sidharta Seethana updated YARN-4262:
------------------------------------
Attachment: YARN-4262.002.patch
Uploaded a new patch. This patch removes the use of yarn.admin.acl and no
longer includes changes from YARN-4258.
> Allow admins to run privileged docker containers.
> --------------------------------------------------
>
> Key: YARN-4262
> URL: https://issues.apache.org/jira/browse/YARN-4262
> Project: Hadoop YARN
> Issue Type: Sub-task
> Components: yarn
> Reporter: Sidharta Seethana
> Assignee: Sidharta Seethana
> Attachments: YARN-4262.001.patch, YARN-4262.002.patch
>
>
> (Updated based on discussion in the JIRA)
> There are scenarios where privileged containers are necessary in order to run
> certain kinds of applications (one example is trying to run postresql/oracle
> inside containers). However, given the security implications, we should
> ensure that :
> 1) privileged containers are disabled by default
> 2) if enabled, only a whitelisted set of users should be allowed to launch
> such containers and
> 3) Not all containers launched by whitelisted users need to be privileged
> containers : whitelisted users need to explicitly request that a privileged
> container be launched.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
