[ https://issues.apache.org/jira/browse/YARN-8342?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16494120#comment-16494120 ]
Eric Yang commented on YARN-8342: --------------------------------- [~ebadger] {quote} You have high confidence in everything in this registry and therefore are willing to let these images be run as privileged. With a single list for registries (with mounts), I believe this use case would be impossible.{quote} I agree this is a possible area for improvement. {quote} I agree with the launch_command change. As for the registries label change, it would be nice to have a plan in place for how we're going to tackle this to make it less confusing. However, I'm also ok making that a separate change in a different JIRA. {quote} This is progression improvement that can be enhanced to further lock down privileged registry when the demand arises. I opened YARN-8376 to track the separation of white lists to avoid confusions. At this time, we will label type 2 and 3 as docker.trusted.registries. In YARN-8376, we can label type 2 as docker.trusted.registries, and type 3 as docker.privileged-container.registries. > Using docker image from a non-privileged registry, the launch_command is not > honored > ------------------------------------------------------------------------------------ > > Key: YARN-8342 > URL: https://issues.apache.org/jira/browse/YARN-8342 > Project: Hadoop YARN > Issue Type: Sub-task > Reporter: Wangda Tan > Assignee: Eric Yang > Priority: Critical > Labels: Docker > Attachments: YARN-8342.001.patch > > > During test of the Docker feature, I found that if a container comes from > non-privileged docker registry, the specified launch command will be ignored. > Container will success without any log, which is very confusing to end users. > And this behavior is inconsistent to containers from privileged docker > registries. > cc: [~eyang], [~shaneku...@gmail.com], [~ebadger], [~jlowe] -- This message was sent by Atlassian JIRA (v7.6.3#76005) --------------------------------------------------------------------- To unsubscribe, e-mail: yarn-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: yarn-issues-h...@hadoop.apache.org