[ https://issues.apache.org/jira/browse/YARN-4262?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14957535#comment-14957535 ]
Sidharta Seethana commented on YARN-4262: ----------------------------------------- Hi [~aw], I did consider using a separate list. Running a privileged container in some ways provides the equivalent of superuser access to the underlying node. So, the question here would be : should we expose such functionality to anybody who is not in the 'admin' role for the cluster? Thoughts? thanks, -Sidharta > Allow admins to run privileged docker containers. > -------------------------------------------------- > > Key: YARN-4262 > URL: https://issues.apache.org/jira/browse/YARN-4262 > Project: Hadoop YARN > Issue Type: Sub-task > Components: yarn > Reporter: Sidharta Seethana > Assignee: Sidharta Seethana > Attachments: YARN-4262.001.patch > > > There are scenarios where privileged containers are necessary in order to run > certain kinds of applications (one example is trying to run postresql/oracle > inside containers). However, given the security implications, we should > ensure that : > 1) privileged containers are disabled by default, even for admins > 2) if enabled, only admins should be allowed to launch such containers and > 3) Not all containers launched by admin users need to be privileged > containers : admin users need to explicitly request that a privileged > container be launched. -- This message was sent by Atlassian JIRA (v6.3.4#6332)