hadoop-yarn-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Daniel Templeton (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (YARN-5534) Allow whitelisted volume mounts
Date Thu, 18 Aug 2016 14:50:21 GMT

    [ https://issues.apache.org/jira/browse/YARN-5534?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15426566#comment-15426566
] 

Daniel Templeton commented on YARN-5534:
----------------------------------------

A good use case for this is mounting in the Hadoop directories so that they don't have to
be build into the container.  Another use case is mounting in the local tool chain.

> Allow whitelisted volume mounts 
> --------------------------------
>
>                 Key: YARN-5534
>                 URL: https://issues.apache.org/jira/browse/YARN-5534
>             Project: Hadoop YARN
>          Issue Type: Sub-task
>          Components: yarn
>            Reporter: luhuichun
>            Assignee: luhuichun
>
> Mounting arbitrary volumes into a Docker container can be a security risk. One approach
to provide safe volume mounts is to allow the cluster administrator to configure a set of
parent directories in the yarn-site.xml from which volume mounts are allowed.  only these
directories and sub-directories are allowed to mount.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: yarn-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: yarn-issues-help@hadoop.apache.org


Mime
View raw message