Sidharta Seethana updated YARN-4262:
    Attachment: YARN-4262.003.patch

Thanks, [~vvasudev]. Uploaded a new patch with the suggested fixes in place.

> Allow whitelisted users to run privileged docker containers. 
> -------------------------------------------------------------
>                 Key: YARN-4262
>                 URL: https://issues.apache.org/jira/browse/YARN-4262
>             Project: Hadoop YARN
>          Issue Type: Sub-task
>          Components: yarn
>            Reporter: Sidharta Seethana
>            Assignee: Sidharta Seethana
>         Attachments: YARN-4262.001.patch, YARN-4262.002.patch, 
> YARN-4262.003.patch
> (Updated based on discussion in the JIRA)
> There are scenarios where privileged containers are necessary in order to run 
> certain kinds of applications (one example is trying to run postresql/oracle 
> inside containers). However, given the security implications, we should 
> ensure that : 
> 1) privileged containers are disabled by default
> 2) if enabled, only a whitelisted set of users should be allowed to launch 
> such containers and 
> 3) Not all containers launched by whitelisted users need to be privileged 
> containers : whitelisted users need to explicitly request that a privileged 
> container be launched.

This message was sent by Atlassian JIRA

Reply via email to