Arnout Engelen created ZEPPELIN-5862: ----------------------------------------
Summary: Allow using the docker socket to start dockerized interpreter processes Key: ZEPPELIN-5862 URL: https://issues.apache.org/jira/browse/ZEPPELIN-5862 Project: Zeppelin Issue Type: Improvement Components: docker Reporter: Arnout Engelen Currently, in the documentation for running the interpreters in Docker at [https://zeppelin.apache.org/docs/latest/quickstart/docker.html,] we recommend users to expose their docker daemon over TCP. This is dangerous, because the docker daemon typically has broad system permissions, as documented at [https://docs.docker.com/engine/security/#docker-daemon-attack-surface]. Making the docker daemon available to the Zeppelin service over TCP without accidentally also opening it to untrusted clients is hard. It would be great if the DockerInterpreterProcess could talk to Docker over the docker daemon socket: this can be exposed to only the Zeppelin service (and not other clients) much easier. -- This message was sent by Atlassian Jira (v8.20.10#820010)