[ https://issues.apache.org/jira/browse/YARN-4262?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14957127#comment-14957127 ]
Allen Wittenauer commented on YARN-4262: ---------------------------------------- "admin" is the wrong thing to do here. It really should be a different list of users so that the two feature sets can have separation of privileges. > Allow admins to run privileged docker containers. > -------------------------------------------------- > > Key: YARN-4262 > URL: https://issues.apache.org/jira/browse/YARN-4262 > Project: Hadoop YARN > Issue Type: Sub-task > Components: yarn > Reporter: Sidharta Seethana > Assignee: Sidharta Seethana > Attachments: YARN-4262.001.patch > > > There are scenarios where privileged containers are necessary in order to run > certain kinds of applications (one example is trying to run postresql/oracle > inside containers). However, given the security implications, we should > ensure that : > 1) privileged containers are disabled by default, even for admins > 2) if enabled, only admins should be allowed to launch such containers and > 3) Not all containers launched by admin users need to be privileged > containers : admin users need to explicitly request that a privileged > container be launched. -- This message was sent by Atlassian JIRA (v6.3.4#6332)