Arnout Engelen created ZEPPELIN-5862:
----------------------------------------

             Summary: Allow using the docker socket to start dockerized 
interpreter processes
                 Key: ZEPPELIN-5862
                 URL: https://issues.apache.org/jira/browse/ZEPPELIN-5862
             Project: Zeppelin
          Issue Type: Improvement
          Components: docker
            Reporter: Arnout Engelen


Currently, in the documentation for running the interpreters in Docker at 
https://zeppelin.apache.org/docs/latest/quickstart/docker.html, we recommend 
that users expose their docker daemon over TCP.

This is dangerous, because the docker daemon typically has broad system 
permissions, as documented at 
[https://docs.docker.com/engine/security/#docker-daemon-attack-surface]. Making 
the docker daemon available to the Zeppelin service over TCP without 
accidentally also opening it to untrusted clients is hard.

It would be great if the DockerInterpreterProcess could talk to Docker over the 
docker daemon socket: this can be exposed to only the Zeppelin service (and not 
other clients) much more easily.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
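
A check for the exposure described in the issue, as an added example that is not part of the original message or of Zeppelin's code: it reads a Docker `daemon.json` and classifies each configured listener. It assumes a Linux `dockerd` configured through `daemon.json` (listeners passed with `-H` on the command line are not inspected); the function names and sample configurations are constructed for illustration.

```python
import ipaddress
import json
from urllib.parse import urlsplit

DEFAULT_SOCKET = "unix:///var/run/docker.sock"  # dockerd's listener when "hosts" is unset


def classify(host, mutual_tls):
    """Return (severity, reason) for one entry of the daemon.json "hosts" list."""
    parts = urlsplit(host)
    if parts.scheme in ("unix", "fd"):
        return "ok", "local socket; access is governed by file permissions"
    if parts.scheme != "tcp":
        return "review", "listener scheme not handled by this check"
    if mutual_tls:
        return "review", "TCP with client-certificate verification; check who holds certificates"
    try:
        loopback = ipaddress.ip_address(parts.hostname or "").is_loopback
    except ValueError:
        return "review", "TCP without tlsverify; bind address is not a literal IP"
    if loopback:
        return "warn", "unauthenticated TCP on loopback; any local process can drive the daemon"
    return "critical", "unauthenticated TCP reachable from the network"


def audit_daemon_config(text):
    """Classify every listener configured in a daemon.json document."""
    cfg = json.loads(text)
    mutual_tls = bool(cfg.get("tlsverify"))  # true when client certificates are required
    return [(h,) + classify(h, mutual_tls) for h in cfg.get("hosts", [DEFAULT_SOCKET])]


# Constructed sample configurations (not taken from the issue or the Zeppelin docs).
SAMPLES = {
    "tcp-exposed": '{"hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"]}',
    "tcp-loopback": '{"hosts": ["tcp://127.0.0.1:2375"]}',
    "tcp-mutual-tls": '{"hosts": ["tcp://0.0.0.0:2376"], "tlsverify": true}',
    "socket-only": "{}",
}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        for host, severity, reason in audit_daemon_config(text):
            print(f"{name}: {host}: {severity}: {reason}")
```
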
