  1. Hadoop YARN
  2. YARN-3611 Support Docker Containers In LinuxContainerExecutor
  3. YARN-4262

Allow whitelisted users to run privileged docker containers.


Details

    • Sub-task
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • None
    • 2.8.0, 3.0.0-alpha1
    • yarn

    Description

      (Updated based on discussion in the JIRA)

      There are scenarios where privileged containers are necessary in order to run certain kinds of applications (one example is trying to run postgresql/oracle inside containers). However, given the security implications, we should ensure that:
      1) privileged containers are disabled by default
      2) if enabled, only a whitelisted set of users should be allowed to launch such containers and
      3) Not all containers launched by whitelisted users need to be privileged containers: whitelisted users need to explicitly request that a privileged container be launched.

      Attachments

        1. YARN-4262.001.patch
          24 kB
          Sidharta Seethana
        2. YARN-4262.002.patch
          21 kB
          Sidharta Seethana
        3. YARN-4262.003.patch
          21 kB
          Sidharta Seethana
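
The three conditions in the description, written out as a launch-time gate. This is an added example, not code from the attached patches or from YARN; the class name, the `RUN_PRIVILEGED` request key and the choice to reject a denied request (rather than silently launch it unprivileged) are assumptions made for illustration.

```java
import java.util.Arrays;
import java.util.Map;
import java.util.Set;
import java.util.stream.Collectors;

/** Added illustration; every name here is hypothetical, not YARN's. */
public class PrivilegedContainerGate {
    enum Decision { UNPRIVILEGED, PRIVILEGED, REJECTED }

    static final String REQUEST_KEY = "RUN_PRIVILEGED"; // hypothetical per-container setting

    private final boolean privilegedAllowed; // condition 1: stays false unless an admin opts in
    private final Set<String> whitelist;     // condition 2: users permitted to ask

    PrivilegedContainerGate(boolean privilegedAllowed, String whitelistCsv) {
        this.privilegedAllowed = privilegedAllowed;
        // Empty entries are dropped so "" or "a,,b" never whitelists the empty user name.
        this.whitelist = Arrays.stream(whitelistCsv.split(","))
                .map(String::trim).filter(s -> !s.isEmpty())
                .collect(Collectors.toSet());
    }

    Decision decide(String user, Map<String, String> containerEnv) {
        String requested = containerEnv.get(REQUEST_KEY);
        // Condition 3: no explicit request means an ordinary container, even for whitelisted users.
        if (requested == null || requested.equalsIgnoreCase("false")) {
            return Decision.UNPRIVILEGED;
        }
        // Fail closed on anything that is not a clear "true".
        if (!requested.equalsIgnoreCase("true")) {
            return Decision.REJECTED;
        }
        // Conditions 1 and 2: feature switched on AND the submitting user is whitelisted.
        if (!privilegedAllowed || user == null || !whitelist.contains(user)) {
            return Decision.REJECTED;
        }
        return Decision.PRIVILEGED;
    }

    public static void main(String[] args) {
        // Constructed inputs: one whitelisted user, feature on in `on`, left at default in `off`.
        PrivilegedContainerGate on = new PrivilegedContainerGate(true, "dbadmin, ");
        PrivilegedContainerGate off = new PrivilegedContainerGate(false, "dbadmin");
        Map<String, String> ask = Map.of(REQUEST_KEY, "true");
        System.out.println("whitelisted, no request:   " + on.decide("dbadmin", Map.of()));
        System.out.println("whitelisted, requested:    " + on.decide("dbadmin", ask));
        System.out.println("other user, requested:     " + on.decide("alice", ask));
        System.out.println("feature off, requested:    " + off.decide("dbadmin", ask));
        System.out.println("malformed request value:   " + on.decide("dbadmin", Map.of(REQUEST_KEY, "yes")));
    }
}
```

Rejecting instead of downgrading keeps a denied request visible to the submitter and in the logs, so an application that needs privileges does not start in a half-working state.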


          People

            sidharta-s Sidharta Seethana
            sidharta-s Sidharta Seethana