Sidharta Seethana created YARN-4266:

             Summary: Allow whitelisted users to disable user 
re-mapping/squashing when launching docker containers
                 Key: YARN-4266
             Project: Hadoop YARN
          Issue Type: Sub-task
            Reporter: Sidharta Seethana
            Assignee: Sidharta Seethana

Docker provides a mechanism (the --user switch) that enables us to specify the 
user the container processes should run as. We use this mechanism today when 
launching docker containers . In non-secure mode, we run the docker container 
based on `yarn.nodemanager.linux-container-executor.nonsecure-mode.local-user` 
and in secure mode, as the submitting user. However, this mechanism breaks down 
with a large number of 'pre-created' images which don't necessarily have the 
users available within the image. We need a way in which we can allow a 
pre-defined set of users to run containers based on existing images, without 
using the --user switch. 

This message was sent by Atlassian JIRA

Reply via email to