You are viewing a plain text version of this content. The canonical link for it is here.

Posted to yarn-issues@hadoop.apache.org by "Eric Yang (JIRA)" <ji...@apache.org> on 2018/11/05 04:51:01 UTC

[jira] [Assigned] (YARN-8376) Separate white list for docker.trusted.registries and docker.privileged-container.registries

     [ https://issues.apache.org/jira/browse/YARN-8376?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Eric Yang reassigned YARN-8376:
-------------------------------

    Assignee: Zhankun Tang

> Separate white list for docker.trusted.registries and docker.privileged-container.registries
> --------------------------------------------------------------------------------------------
>
>                 Key: YARN-8376
>                 URL: https://issues.apache.org/jira/browse/YARN-8376
>             Project: Hadoop YARN
>          Issue Type: Sub-task
>            Reporter: Eric Yang
>            Assignee: Zhankun Tang
>            Priority: Major
>              Labels: docker
>
> In the ideal world, it would be possible to have separate white lists for docker registry depending on the security requirement for each type of docker images:
> 1. Registries from which we can run non-privileged containers without mounts
> 2. Registries from which we can run non-privileged containers with mounts
> 3. Registries from which we can run privileged or non-privileged containers with mounts
> In the current implementation, there are only type 1 and type 2 or 3.  It would be nice to definite a separate white list to differentiate between 2 and 3.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: yarn-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: yarn-issues-help@hadoop.apache.org