[
https://issues.apache.org/jira/browse/HDDS-1712?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16888095#comment-16888095
]
Eric Yang commented on HDDS-1712:
---------------------------------
[~elek] Your output seems to indicate multiple datanode pods. This looks
different than what I would expected, shouldn't it look like this:
{code}
{code}
$ kubectl get pod
NAME READY STATUS RESTARTS AGE
datanode-0 3/3 Running 0 11m
om-0 1/1 Running 0 11m
s3g-0 1/1 Running 0 11m
scm-0 1/1 Running 0 11m
{code}
Where datanode-0 pod has 3 instances running? We can take this offline in
HDDS-1825. However, I think it is not fair to ask removal of sudo patch to
include a full working smoke test code on kubernetes cluster because the
kubernetes cluster code is incomplete. I can include patch for smoke test to
work with docker-compose cluster, if you are open to this. Thoughts?
> Remove sudo access from Ozone docker image
> ------------------------------------------
>
> Key: HDDS-1712
> URL: https://issues.apache.org/jira/browse/HDDS-1712
> Project: Hadoop Distributed Data Store
> Issue Type: Bug
> Reporter: Eric Yang
> Assignee: Eric Yang
> Priority: Major
> Labels: pull-request-available
> Attachments: HDDS-1712.001.patch
>
> Time Spent: 0.5h
> Remaining Estimate: 0h
>
> Ozone docker image is given unlimited sudo access to hadoop user. This poses
> a security risk where host level user uid 1000 can attach a debugger to the
> container process to obtain root access.
--
This message was sent by Atlassian JIRA
(v7.6.14#76016)
---------------------------------------------------------------------
To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org
