[ https://issues.apache.org/jira/browse/YARN-4266?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Sidharta Seethana updated YARN-4266:
------------------------------------
    Description: 
Docker provides a mechanism (the --user switch) that enables us to specify the 
user the container processes should run as. We use this mechanism today when 
launching docker containers. In non-secure mode, we run the docker container 
based on `yarn.nodemanager.linux-container-executor.nonsecure-mode.local-user` 
and in secure mode, as the submitting user. However, this mechanism breaks down 
with a large number of 'pre-created' images which don't necessarily have the 
users available within the image. Examples of such images include shared images 
that need to be used by multiple users. We need a way in which we can allow a 
pre-defined set of users to run containers based on existing images, without 
using the --user switch. 



  was:Docker provides a mechanism (the --user switch) that enables us to 
specify the user the container processes should run as. We use this mechanism 
today when launching docker containers. In non-secure mode, we run the docker 
container based on 
`yarn.nodemanager.linux-container-executor.nonsecure-mode.local-user` and in 
secure mode, as the submitting user. However, this mechanism breaks down with a 
large number of 'pre-created' images which don't necessarily have the users 
available within the image. We need a way in which we can allow a pre-defined 
set of users to run containers based on existing images, without using the 
--user switch. 


> Allow whitelisted users to disable user re-mapping/squashing when launching 
> docker containers
> ---------------------------------------------------------------------------------------------
>
>                 Key: YARN-4266
>                 URL: https://issues.apache.org/jira/browse/YARN-4266
>             Project: Hadoop YARN
>          Issue Type: Sub-task
>          Components: yarn
>            Reporter: Sidharta Seethana
>            Assignee: Sidharta Seethana
>
> Docker provides a mechanism (the --user switch) that enables us to specify 
> the user the container processes should run as. We use this mechanism today 
> when launching docker containers. In non-secure mode, we run the docker 
> container based on 
> `yarn.nodemanager.linux-container-executor.nonsecure-mode.local-user` and in 
> secure mode, as the submitting user. However, this mechanism breaks down with 
> a large number of 'pre-created' images which don't necessarily have the users 
> available within the image. Examples of such images include shared images 
> that need to be used by multiple users. We need a way in which we can allow a 
> pre-defined set of users to run containers based on existing images, without 
> using the --user switch. 



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
