[ 
https://issues.apache.org/jira/browse/YARN-4262?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Sidharta Seethana updated YARN-4262:
------------------------------------
    Attachment: YARN-4262.003.patch

Thanks, [~vvasudev]. Uploaded a new patch with the suggested fixes in place.

> Allow whitelisted users to run privileged docker containers. 
> -------------------------------------------------------------
>
>                 Key: YARN-4262
>                 URL: https://issues.apache.org/jira/browse/YARN-4262
>             Project: Hadoop YARN
>          Issue Type: Sub-task
>          Components: yarn
>            Reporter: Sidharta Seethana
>            Assignee: Sidharta Seethana
>         Attachments: YARN-4262.001.patch, YARN-4262.002.patch, 
> YARN-4262.003.patch
>
>
> (Updated based on discussion in the JIRA)
> There are scenarios where privileged containers are necessary in order to run 
> certain kinds of applications (one example is trying to run postresql/oracle 
> inside containers). However, given the security implications, we should 
> ensure that : 
> 1) privileged containers are disabled by default
> 2) if enabled, only a whitelisted set of users should be allowed to launch 
> such containers and 
> 3) Not all containers launched by whitelisted users need to be privileged 
> containers : whitelisted users need to explicitly request that a privileged 
> container be launched.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to