hadoop-yarn-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Eric Badger (JIRA)" <j...@apache.org>
Subject [jira] [Created] (YARN-7960) Add no-new-privileges flag to docker run
Date Thu, 22 Feb 2018 16:03:00 GMT
Eric Badger created YARN-7960:
---------------------------------

             Summary: Add no-new-privileges flag to docker run
                 Key: YARN-7960
                 URL: https://issues.apache.org/jira/browse/YARN-7960
             Project: Hadoop YARN
          Issue Type: Sub-task
            Reporter: Eric Badger


Minimally, this should be used for unprivileged containers. It's a cheap way to add an extra
layer of security to the docker model. For privileged containers, it might be appropriate
to omit this flag

https://github.com/moby/moby/pull/20727



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: yarn-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: yarn-issues-help@hadoop.apache.org


Mime
View raw message