hadoop-yarn-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Hadoop QA (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (YARN-4262) Allow whitelisted users to run privileged docker containers.
Date Fri, 16 Oct 2015 08:09:05 GMT

    [ https://issues.apache.org/jira/browse/YARN-4262?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14960337#comment-14960337
] 

Hadoop QA commented on YARN-4262:
---------------------------------

\\
\\
| (x) *{color:red}-1 overall{color}* |
\\
\\
|| Vote || Subsystem || Runtime || Comment ||
| {color:red}-1{color} | pre-patch |  19m 52s | Pre-patch trunk has 1 extant Findbugs (version
3.0.0) warnings. |
| {color:green}+1{color} | @author |   0m  0s | The patch does not contain any @author tags.
|
| {color:green}+1{color} | tests included |   0m  0s | The patch appears to include 1 new
or modified test files. |
| {color:green}+1{color} | javac |   7m 49s | There were no new javac warning messages. |
| {color:green}+1{color} | javadoc |  10m 16s | There were no new javadoc warning messages.
|
| {color:green}+1{color} | release audit |   0m 23s | The applied patch does not increase
the total number of release audit warnings. |
| {color:red}-1{color} | checkstyle |   1m 49s | The applied patch generated  1 new checkstyle
issues (total was 211, now 211). |
| {color:green}+1{color} | whitespace |   0m  3s | The patch has no lines that end in whitespace.
|
| {color:green}+1{color} | install |   1m 33s | mvn install still works. |
| {color:green}+1{color} | eclipse:eclipse |   0m 33s | The patch built with eclipse:eclipse.
|
| {color:green}+1{color} | findbugs |   4m 32s | The patch does not introduce any new Findbugs
(version 3.0.0) warnings. |
| {color:green}+1{color} | yarn tests |   0m 22s | Tests passed in hadoop-yarn-api. |
| {color:green}+1{color} | yarn tests |   2m  6s | Tests passed in hadoop-yarn-common. |
| {color:green}+1{color} | yarn tests |   8m 46s | Tests passed in hadoop-yarn-server-nodemanager.
|
| | |  58m 46s | |
\\
\\
|| Subsystem || Report/Notes ||
| Patch URL | http://issues.apache.org/jira/secure/attachment/12767002/YARN-4262.003.patch
|
| Optional Tests | javadoc javac unit findbugs checkstyle |
| git revision | trunk / cf23f2c |
| Pre-patch Findbugs warnings | https://builds.apache.org/job/PreCommit-YARN-Build/9464/artifact/patchprocess/trunkFindbugsWarningshadoop-yarn-server-nodemanager.html
|
| checkstyle |  https://builds.apache.org/job/PreCommit-YARN-Build/9464/artifact/patchprocess/diffcheckstylehadoop-yarn-api.txt
|
| hadoop-yarn-api test log | https://builds.apache.org/job/PreCommit-YARN-Build/9464/artifact/patchprocess/testrun_hadoop-yarn-api.txt
|
| hadoop-yarn-common test log | https://builds.apache.org/job/PreCommit-YARN-Build/9464/artifact/patchprocess/testrun_hadoop-yarn-common.txt
|
| hadoop-yarn-server-nodemanager test log | https://builds.apache.org/job/PreCommit-YARN-Build/9464/artifact/patchprocess/testrun_hadoop-yarn-server-nodemanager.txt
|
| Test Results | https://builds.apache.org/job/PreCommit-YARN-Build/9464/testReport/ |
| Java | 1.7.0_55 |
| uname | Linux asf902.gq1.ygridcore.net 3.13.0-36-lowlatency #63-Ubuntu SMP PREEMPT Wed Sep
3 21:56:12 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux |
| Console output | https://builds.apache.org/job/PreCommit-YARN-Build/9464/console |


This message was automatically generated.

> Allow whitelisted users to run privileged docker containers. 
> -------------------------------------------------------------
>
>                 Key: YARN-4262
>                 URL: https://issues.apache.org/jira/browse/YARN-4262
>             Project: Hadoop YARN
>          Issue Type: Sub-task
>          Components: yarn
>            Reporter: Sidharta Seethana
>            Assignee: Sidharta Seethana
>         Attachments: YARN-4262.001.patch, YARN-4262.002.patch, YARN-4262.003.patch
>
>
> (Updated based on discussion in the JIRA)
> There are scenarios where privileged containers are necessary in order to run certain
kinds of applications (one example is trying to run postresql/oracle inside containers). However,
given the security implications, we should ensure that : 
> 1) privileged containers are disabled by default
> 2) if enabled, only a whitelisted set of users should be allowed to launch such containers
and 
> 3) Not all containers launched by whitelisted users need to be privileged containers
: whitelisted users need to explicitly request that a privileged container be launched.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message