[ https://issues.apache.org/jira/browse/HADOOP-12576?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15011529#comment-15011529 ]

Haohui Mai commented on HADOOP-12576:
-------------------------------------

bq. Docker daemon always runs as root user because it uses a Unix socket.

You can add the user to the docker group.

bq. But I think it is useful to build with sudo in such a case when we only want 
to build hadoop source code.

It's problematic in terms of security practice if the attacker is able to get out of 
the jail of LXC. The attacker suddenly has root access to the machine. 
There are real incidents that happened.

> Same owner of maven repository on Docker container to build user
> ----------------------------------------------------------------
>
>                 Key: HADOOP-12576
>                 URL: https://issues.apache.org/jira/browse/HADOOP-12576
>             Project: Hadoop Common
>          Issue Type: Improvement
>    Affects Versions: 3.0.0
>            Reporter: Kai Sasaki
>            Assignee: Kai Sasaki
>            Priority: Trivial
>              Labels: docker
>         Attachments: HADOOP-12576.01.patch
>
>
> When the local maven repository has not yet been created, the docker container launched by 
> {{start-build-env.sh}} creates it owned by the launching user. The {{docker}} command 
> is often run by the root user unless docker unix groups are manipulated.
> In that case, the maven local repository is created by the root user and the build 
> process inside the container fails. 
> It is better to make sure the maven local repository is created by the user 
> who is trying to build before launching the docker container, if the maven 
> local repository does not exist.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
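
The ownership problem described in the issue can be caught before any container starts. The following pre-flight check is an added example, not the HADOOP-12576 patch or code from {{start-build-env.sh}}; the function names are hypothetical and the repository path is assumed to be Maven's default, ~/.m2.

```shell
#!/bin/sh
# Added example: make sure the local Maven repository exists and is owned by
# the user who will build, before a build container is launched.
# Function names are hypothetical; ~/.m2 is assumed (Maven's default location).

# Print the numeric owner uid of a path (parses `ls -ldn`, works on GNU and BSD).
owner_uid() {
    ls -ldn "$1" | awk '{print $3}'
}

# Uid that should own build outputs. Under sudo this is the invoking user
# (SUDO_UID), not root.
build_uid() {
    if [ "$(id -u)" -eq 0 ] && [ -n "${SUDO_UID:-}" ]; then
        echo "$SUDO_UID"
    else
        id -u
    fi
}

# ensure_user_repo DIR UID
# Returns 0 if DIR exists (or was created) and is owned by UID,
#         1 if DIR is owned by a different uid,
#         2 if DIR could not be created or handed over.
ensure_user_repo() {
    repo=$1
    want_uid=$2
    if [ ! -d "$repo" ]; then
        mkdir -p "$repo" || return 2
        # A directory freshly created by root is handed to the build user.
        if [ "$(id -u)" -eq 0 ]; then
            chown "$want_uid" "$repo" || return 2
        fi
    fi
    have_uid=$(owner_uid "$repo")
    if [ "$have_uid" != "$want_uid" ]; then
        # An existing directory with the wrong owner is reported, not changed.
        echo "error: $repo is owned by uid $have_uid, expected $want_uid" >&2
        return 1
    fi
    return 0
}

# Run the check only when asked, so sourcing this file has no side effects.
if [ "${1:-}" = "--check" ]; then
    ensure_user_repo "$HOME/.m2" "$(build_uid)"
fi
```

A non-zero exit from the `--check` invocation means the container should not be started until the ownership of the repository directory is corrected.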
