hadoop-yarn-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Eric Yang (JIRA)" <j...@apache.org>
Subject [jira] [Created] (YARN-7446) Docker container privileged mode and --user flag contradict each other
Date Mon, 06 Nov 2017 16:49:03 GMT
Eric Yang created YARN-7446:
-------------------------------

             Summary: Docker container privileged mode and --user flag contradict each other
                 Key: YARN-7446
                 URL: https://issues.apache.org/jira/browse/YARN-7446
             Project: Hadoop YARN
          Issue Type: Bug
    Affects Versions: 3.0.0
            Reporter: Eric Yang


In the current implementation, when privileged=true, --user flag is also passed to docker
for launching container.  In reality, the container has no way to use root privileges unless
there is sticky bit or sudoers in the image for the specified user to gain privileges again.
 To avoid duplication of dropping and reacquire root privileges, we can reduce the duplication
of specifying both flag.  When privileged mode is enabled, --user flag should be omitted.
 When non-privileged mode is enabled, --user flag is supplied.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

---------------------------------------------------------------------
To unsubscribe, e-mail: yarn-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: yarn-issues-help@hadoop.apache.org


Mime
View raw message