hadoop-hdfs-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Anu Engineer (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HDDS-1712) Remove sudo access from Ozone docker image
Date Wed, 17 Jul 2019 20:19:00 GMT

    [ https://issues.apache.org/jira/browse/HDDS-1712?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16887393#comment-16887393
] 

Anu Engineer commented on HDDS-1712:
------------------------------------

{quote}[~anu] Doesn't Ozone quick start guide refer to use docker-compose to start the cluster?
This
{quote}
It does not; that examples also say you can start a cluster on your laptop and you can run
the process inside a single docker container. Those are for people who are wondering what
Ozone is?. Those are not instructions for the real product. As usual, you are getting confused
between the real product and documentation examples.

 

> Remove sudo access from Ozone docker image
> ------------------------------------------
>
>                 Key: HDDS-1712
>                 URL: https://issues.apache.org/jira/browse/HDDS-1712
>             Project: Hadoop Distributed Data Store
>          Issue Type: Bug
>            Reporter: Eric Yang
>            Assignee: Eric Yang
>            Priority: Major
>              Labels: pull-request-available
>         Attachments: HDDS-1712.001.patch
>
>          Time Spent: 0.5h
>  Remaining Estimate: 0h
>
> Ozone docker image is given unlimited sudo access to hadoop user.  This poses a security
risk where host level user uid 1000 can attach a debugger to the container process to obtain
root access.



--
This message was sent by Atlassian JIRA
(v7.6.14#76016)

---------------------------------------------------------------------
To unsubscribe, e-mail: hdfs-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: hdfs-issues-help@hadoop.apache.org


Mime
View raw message