Eric Badger created YARN-7960: --------------------------------- Summary: Add no-new-privileges flag to docker run Key: YARN-7960 URL: https://issues.apache.org/jira/browse/YARN-7960 Project: Hadoop YARN Issue Type: Sub-task Reporter: Eric Badger
Minimally, this should be used for unprivileged containers. It's a cheap way to add an extra layer of security to the docker model. For privileged containers, it might be appropriate to omit this flag https://github.com/moby/moby/pull/20727 -- This message was sent by Atlassian JIRA (v7.6.3#76005) --------------------------------------------------------------------- To unsubscribe, e-mail: yarn-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: yarn-issues-h...@hadoop.apache.org