[YARN-4262] Allow whitelisted users to run privileged docker containers. - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Sub-task
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 2.8.0, 3.0.0-alpha1
Component/s: yarn
Labels:
- Docker

Description

(Updated based on discussion in the JIRA)

There are scenarios where privileged containers are necessary in order to run certain kinds of applications (one example is trying to run postresql/oracle inside containers). However, given the security implications, we should ensure that :
1) privileged containers are disabled by default
2) if enabled, only a whitelisted set of users should be allowed to launch such containers and
3) Not all containers launched by whitelisted users need to be privileged containers : whitelisted users need to explicitly request that a privileged container be launched.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

YARN-4262.003.patch
16/Oct/15 07:04
21 kB
Sidharta Seethana
YARN-4262.002.patch
15/Oct/15 08:55
21 kB
Sidharta Seethana
YARN-4262.001.patch
14/Oct/15 14:15
24 kB
Sidharta Seethana

Activity

People

Assignee:: Sidharta Seethana

Reporter:: Sidharta Seethana

Votes:: 0 Vote for this issue

Watchers:: 6 Start watching this issue

Dates

Created:: 14/Oct/15 11:37

Updated:: 02/May/18 22:34

Resolved:: 19/Oct/15 14:55