[jira] [Commented] (YARN-4262) Allow whitelisted users to run privileged docker containers.

Mon, 19 Oct 2015 08:20:06 -0700 

    [ 
https://issues.apache.org/jira/browse/YARN-4262?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14963455#comment-14963455
 ] 

Hudson commented on YARN-4262:
------------------------------

FAILURE: Integrated in Hadoop-Yarn-trunk #1287 (See 
[https://builds.apache.org/job/Hadoop-Yarn-trunk/1287/])
YARN-4262. Allow whitelisted users to run privileged docker containers. 
(vvasudev: rev e39ae0e676f77fab216e2281ae946ab8c647733f)
* 
hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/containermanager/linux/runtime/DockerLinuxContainerRuntime.java
* 
hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common/src/main/resources/yarn-default.xml
* 
hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/containermanager/linux/runtime/docker/DockerRunCommand.java
* 
hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/test/java/org/apache/hadoop/yarn/server/nodemanager/containermanager/linux/runtime/TestDockerContainerRuntime.java
* 
hadoop-yarn-project/hadoop-yarn/hadoop-yarn-api/src/main/java/org/apache/hadoop/yarn/conf/YarnConfiguration.java
* hadoop-yarn-project/CHANGES.txt


> Allow whitelisted users to run privileged docker containers. 
> -------------------------------------------------------------
>
>                 Key: YARN-4262
>                 URL: https://issues.apache.org/jira/browse/YARN-4262
>             Project: Hadoop YARN
>          Issue Type: Sub-task
>          Components: yarn
>            Reporter: Sidharta Seethana
>            Assignee: Sidharta Seethana
>             Fix For: 2.8.0
>
>         Attachments: YARN-4262.001.patch, YARN-4262.002.patch, 
> YARN-4262.003.patch
>
>
> (Updated based on discussion in the JIRA)
> There are scenarios where privileged containers are necessary in order to run 
> certain kinds of applications (one example is trying to run postresql/oracle 
> inside containers). However, given the security implications, we should 
> ensure that : 
> 1) privileged containers are disabled by default
> 2) if enabled, only a whitelisted set of users should be allowed to launch 
> such containers and 
> 3) Not all containers launched by whitelisted users need to be privileged 
> containers : whitelisted users need to explicitly request that a privileged 
> container be launched.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to