Uploaded image for project: 'Hadoop YARN'
  1. Hadoop YARN
  2. YARN-2480

DockerContainerExecutor must support user namespaces

    XMLWordPrintableJSON

Details

    • New Feature
    • Status: Resolved
    • Major
    • Resolution: Won't Fix
    • None
    • None
    • None

    Description

      When DockerContainerExector launches a container, the root inside that container has root privileges on the host.
      This is insecure in a mult-tenant environment. The uid of the container's root user must be mapped to a non-privileged user on the host.

      Attachments

        Issue Links

          is part of

          New Feature - A new feature of the product, which has yet to be developed. YARN-2466 Umbrella issue for Yarn launched Docker Containers

          • Major - Major loss of function.
          • Resolved

          Activity

            People

              Unassigned Unassigned
              ashahab Abin Shahab
              Votes:
              0 Vote for this issue
              Watchers:
              13 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: