Return-Path: <yarn-issues-return-93906-archive-asf-public=cust-asf.ponee.io@hadoop.apache.org>
X-Original-To: archive-asf-public-internal@cust-asf2.ponee.io
Delivered-To: archive-asf-public-internal@cust-asf2.ponee.io
Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183])
	by cust-asf2.ponee.io (Postfix) with ESMTP id CF229200B66
	for <archive-asf-public-internal@cust-asf2.ponee.io>; Thu, 18 Aug 2016 16:50:22 +0200 (CEST)
Received: by cust-asf.ponee.io (Postfix)
	id CDB07160AAE; Thu, 18 Aug 2016 14:50:22 +0000 (UTC)
Delivered-To: archive-asf-public@cust-asf.ponee.io
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by cust-asf.ponee.io (Postfix) with SMTP id 46922160A86
	for <archive-asf-public@cust-asf.ponee.io>; Thu, 18 Aug 2016 16:50:22 +0200 (CEST)
Received: (qmail 88716 invoked by uid 500); 18 Aug 2016 14:50:21 -0000
Mailing-List: contact yarn-issues-help@hadoop.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:yarn-issues-help@hadoop.apache.org>
List-Unsubscribe: <mailto:yarn-issues-unsubscribe@hadoop.apache.org>
List-Post: <mailto:yarn-issues@hadoop.apache.org>
List-Id: <yarn-issues.hadoop.apache.org>
Delivered-To: mailing list yarn-issues@hadoop.apache.org
Received: (qmail 88704 invoked by uid 99); 18 Aug 2016 14:50:21 -0000
Received: from arcas.apache.org (HELO arcas) (140.211.11.28)
    by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 18 Aug 2016 14:50:21 +0000
Received: from arcas.apache.org (localhost [127.0.0.1])
	by arcas (Postfix) with ESMTP id 50EAE2C02A4
	for <yarn-issues@hadoop.apache.org>; Thu, 18 Aug 2016 14:50:21 +0000 (UTC)
Date: Thu, 18 Aug 2016 14:50:21 +0000 (UTC)
From: "Daniel Templeton (JIRA)" <jira@apache.org>
To: yarn-issues@hadoop.apache.org
Message-ID: <JIRA.12998105.1471500638000.345350.1471531821328@Atlassian.JIRA>
In-Reply-To: <JIRA.12998105.1471500638000@Atlassian.JIRA>
References: <JIRA.12998105.1471500638000@Atlassian.JIRA> <JIRA.12998105.1471500638705@arcas>
Subject: [jira] [Commented] (YARN-5534) Allow whitelisted volume mounts
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394
archived-at: Thu, 18 Aug 2016 14:50:23 -0000


    [ https://issues.apache.org/jira/browse/YARN-5534?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15426566#comment-15426566 ] 

Daniel Templeton commented on YARN-5534:
----------------------------------------

A good use case for this is mounting in the Hadoop directories so that they don't have to be build into the container.  Another use case is mounting in the local tool chain.

> Allow whitelisted volume mounts 
> --------------------------------
>
>                 Key: YARN-5534
>                 URL: https://issues.apache.org/jira/browse/YARN-5534
>             Project: Hadoop YARN
>          Issue Type: Sub-task
>          Components: yarn
>            Reporter: luhuichun
>            Assignee: luhuichun
>
> Mounting arbitrary volumes into a Docker container can be a security risk. One approach to provide safe volume mounts is to allow the cluster administrator to configure a set of parent directories in the yarn-site.xml from which volume mounts are allowed.  only these directories and sub-directories are allowed to mount.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: yarn-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: yarn-issues-help@hadoop.apache.org