Return-Path: X-Original-To: archive-asf-public-internal@cust-asf2.ponee.io Delivered-To: archive-asf-public-internal@cust-asf2.ponee.io Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183]) by cust-asf2.ponee.io (Postfix) with ESMTP id BD59D200D00 for ; Thu, 3 Aug 2017 03:42:07 +0200 (CEST) Received: by cust-asf.ponee.io (Postfix) id BA09D16AA56; Thu, 3 Aug 2017 01:42:07 +0000 (UTC) Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by cust-asf.ponee.io (Postfix) with SMTP id 09C1516AA5F for ; Thu, 3 Aug 2017 03:42:06 +0200 (CEST) Received: (qmail 52070 invoked by uid 500); 3 Aug 2017 01:42:04 -0000 Mailing-List: contact yarn-issues-help@hadoop.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Delivered-To: mailing list yarn-issues@hadoop.apache.org Received: (qmail 52054 invoked by uid 99); 3 Aug 2017 01:42:04 -0000 Received: from pnap-us-west-generic-nat.apache.org (HELO spamd2-us-west.apache.org) (209.188.14.142) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 03 Aug 2017 01:42:04 +0000 Received: from localhost (localhost [127.0.0.1]) by spamd2-us-west.apache.org (ASF Mail Server at spamd2-us-west.apache.org) with ESMTP id BA4891A08C3 for ; Thu, 3 Aug 2017 01:42:03 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamd2-us-west.apache.org X-Spam-Flag: NO X-Spam-Score: -100.002 X-Spam-Level: X-Spam-Status: No, score=-100.002 tagged_above=-999 required=6.31 tests=[RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001, USER_IN_WHITELIST=-100] autolearn=disabled Received: from mx1-lw-eu.apache.org ([10.40.0.8]) by localhost (spamd2-us-west.apache.org [10.40.0.9]) (amavisd-new, port 10024) with ESMTP id Eyak_6EM5bda for ; Thu, 3 Aug 2017 01:42:02 +0000 (UTC) Received: from mailrelay1-us-west.apache.org (mailrelay1-us-west.apache.org [209.188.14.139]) by mx1-lw-eu.apache.org (ASF Mail Server at mx1-lw-eu.apache.org) with ESMTP id 11B085F5C4 for ; Thu, 3 Aug 2017 01:42:02 +0000 (UTC) Received: from jira-lw-us.apache.org (unknown [207.244.88.139]) by mailrelay1-us-west.apache.org (ASF Mail Server at mailrelay1-us-west.apache.org) with ESMTP id 53A73E0996 for ; Thu, 3 Aug 2017 01:42:01 +0000 (UTC) Received: from jira-lw-us.apache.org (localhost [127.0.0.1]) by jira-lw-us.apache.org (ASF Mail Server at jira-lw-us.apache.org) with ESMTP id 0919E2464D for ; Thu, 3 Aug 2017 01:42:01 +0000 (UTC) Date: Thu, 3 Aug 2017 01:42:01 +0000 (UTC) From: "Vinod Kumar Vavilapalli (JIRA)" To: yarn-issues@hadoop.apache.org Message-ID: In-Reply-To: References: Subject: [jira] [Commented] (YARN-5534) Allow whitelisted volume mounts MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394 archived-at: Thu, 03 Aug 2017 01:42:07 -0000 [ https://issues.apache.org/jira/browse/YARN-5534?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16112046#comment-16112046 ] Vinod Kumar Vavilapalli commented on YARN-5534: ----------------------------------------------- bq. In general I think this is redundant. Each feature should have only one config location otherwise it affect usability (for the admins). The reason why we need it both areas is because (a) the java land only reads yarn-site.xml and the C land only reads container-executor.cfg and both need to know if a feature is enabled or not (b) the files have different ownerships - yarn user vs root. This is an existing pattern given the NM -> Container-Executor separation. Unrolling it would mostly mean forcing the java land also read container-executor.cfg. The opposite will likely not happen - C land reading multiple config files will increase the surface area. bq. getCGroupsCpuResourceHandler(), where any of the config settings implied that the user needs a resource handler without any other config knob. getCGroupsCpuResourceHandler() works because all the cgroups heavy-lifting is done in the java land and so this split code problem doesn't exist there. There is only one privileged operation in the c land - setup of cgroups, which one can argue shouldn't be enabled by default either. > Allow whitelisted volume mounts > -------------------------------- > > Key: YARN-5534 > URL: https://issues.apache.org/jira/browse/YARN-5534 > Project: Hadoop YARN > Issue Type: Sub-task > Components: yarn > Reporter: luhuichun > Assignee: Shane Kumpf > Attachments: YARN-5534.001.patch, YARN-5534.002.patch, YARN-5534.003.patch > > > Introduction > Mounting files or directories from the host is one way of passing configuration and other information into a docker container. > We could allow the user to set a list of mounts in the environment of ContainerLaunchContext (e.g. /dir1:/targetdir1,/dir2:/targetdir2). > These would be mounted read-only to the specified target locations. This has been resolved in YARN-4595 > 2.Problem Definition > Bug mounting arbitrary volumes into a Docker container can be a security risk. > 3.Possible solutions > one approach to provide safe mounts is to allow the cluster administrator to configure a set of parent directories as white list mounting directories. > Add a property named yarn.nodemanager.volume-mounts.white-list, when container executor do mount checking, only the allowed directories or sub-directories can be mounted. -- This message was sent by Atlassian JIRA (v6.4.14#64029) --------------------------------------------------------------------- To unsubscribe, e-mail: yarn-issues-unsubscribe@hadoop.apache.org For additional commands, e-mail: yarn-issues-help@hadoop.apache.org