Details

    • Type: Sub-task
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 2.8.0, 3.0.0-alpha1
    • Component/s: yarn
    • Labels:
      None

      Description

      (Updated based on discussion in the JIRA)

      There are scenarios where privileged containers are necessary in order to run certain kinds of applications (one example is trying to run postresql/oracle inside containers). However, given the security implications, we should ensure that :
      1) privileged containers are disabled by default
      2) if enabled, only a whitelisted set of users should be allowed to launch such containers and
      3) Not all containers launched by whitelisted users need to be privileged containers : whitelisted users need to explicitly request that a privileged container be launched.

        Attachments

        1. YARN-4262.003.patch
          21 kB
          Sidharta Seethana
        2. YARN-4262.002.patch
          21 kB
          Sidharta Seethana
        3. YARN-4262.001.patch
          24 kB
          Sidharta Seethana

          Activity

            People

            • Assignee:
              sidharta-s Sidharta Seethana
              Reporter:
              sidharta-s Sidharta Seethana
            • Votes:
              0 Vote for this issue
              Watchers:
              6 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: