hadoop-yarn-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Shane Kumpf (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (YARN-5534) Allow whitelisted volume mounts
Date Mon, 17 Jul 2017 11:42:00 GMT

    [ https://issues.apache.org/jira/browse/YARN-5534?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16089694#comment-16089694

Shane Kumpf commented on YARN-5534:

[~ebadger] - sorry for the delay here. I'm actively working on this. 

Couple of comments on the approach:
# YARN-4595 addressed read-only mounts for local resources. I'm planning to consolidate the
mount whitelist and local resource mounts into a single ENV variable.
# Local resources will be implicitly added to the whitelist in read-only mode.
# There is currently an issue with multiple mounts and MapReduce due to how environment variables
are parsed. See YARN-6830.
# The admin will define a comma separated list of <src>:<mode> (ro or rw) mounts,
the requesting user will supply <src>:<dest>:<mode> - mode must be equal
to or lesser than the admin defined mode (i.e. admin defines mount as rw, user can bind mount
as rw OR ro).

One question here, does any feel there is value in allowing the admin to restrict the destination
mount point within the container? I can't think of a use case for this, and expect most admins
would likely just wildcard the field for all the mounts. Currently, the plan for the admin
supplied whitelist does not include restricting the destination within the container.

> Allow whitelisted volume mounts 
> --------------------------------
>                 Key: YARN-5534
>                 URL: https://issues.apache.org/jira/browse/YARN-5534
>             Project: Hadoop YARN
>          Issue Type: Sub-task
>          Components: yarn
>            Reporter: luhuichun
>            Assignee: Shane Kumpf
>         Attachments: YARN-5534.001.patch, YARN-5534.002.patch
> Introduction 
> Mounting files or directories from the host is one way of passing configuration and other
information into a docker container. 
> We could allow the user to set a list of mounts in the environment of ContainerLaunchContext
(e.g. /dir1:/targetdir1,/dir2:/targetdir2). 
> These would be mounted read-only to the specified target locations. This has been resolved
in YARN-4595
> 2.Problem Definition
> Bug mounting arbitrary volumes into a Docker container can be a security risk.
> 3.Possible solutions
> one approach to provide safe mounts is to allow the cluster administrator to configure
a set of parent directories as white list mounting directories.
>  Add a property named yarn.nodemanager.volume-mounts.white-list, when container executor
do mount checking, only the allowed directories or sub-directories can be mounted. 

This message was sent by Atlassian JIRA

To unsubscribe, e-mail: yarn-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: yarn-issues-help@hadoop.apache.org

View raw message