Posted to yarn-issues@hadoop.apache.org by "Eric Badger (JIRA)" <ji...@apache.org> on 2018/05/02 22:35:13 UTC

[jira] [Updated] (YARN-7446) Docker container privileged mode and --user flag contradict each other

     [ https://issues.apache.org/jira/browse/YARN-7446?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Eric Badger updated YARN-7446:
------------------------------
    Labels: Docker  (was: )

> Docker container privileged mode and --user flag contradict each other
> ----------------------------------------------------------------------
>
>                 Key: YARN-7446
>                 URL: https://issues.apache.org/jira/browse/YARN-7446
>             Project: Hadoop YARN
>          Issue Type: Sub-task
>    Affects Versions: 3.0.0, 3.1.0
>            Reporter: Eric Yang
>            Assignee: Eric Yang
>            Priority: Major
>              Labels: Docker
>             Fix For: 3.1.0
>
>         Attachments: YARN-7446.001.patch, YARN-7446.002.patch, YARN-7446.003.patch, YARN-7446.004.patch
>
>
> In the current implementation, when privileged=true, the --user flag is also passed to docker for launching the container.  In reality, the container has no way to use root privileges unless there is a sticky bit or sudoers in the image for the specified user to gain privileges again.  To avoid duplication of dropping and reacquiring root privileges, we can reduce the duplication of specifying both flags.  When privileged mode is enabled, the --user flag should be omitted.  When non-privileged mode is enabled, the --user flag is supplied.


