hadoop-yarn-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Miklos Szegedi (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (YARN-7815) Mount the filecache as read-only in Docker containers
Date Fri, 26 Jan 2018 22:47:00 GMT

    [ https://issues.apache.org/jira/browse/YARN-7815?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16341728#comment-16341728
] 

Miklos Szegedi commented on YARN-7815:
--------------------------------------

[~ebadger], thank you for raising this. I am just wondering whether it would be more secure
mounting 2. and appcache/filecache read only but not mounting 4. This would improve security
by not letting apps view and modify each others directories. One reason to containerize is
to isolate apps from each other, is not it?

> Mount the filecache as read-only in Docker containers
> -----------------------------------------------------
>
>                 Key: YARN-7815
>                 URL: https://issues.apache.org/jira/browse/YARN-7815
>             Project: Hadoop YARN
>          Issue Type: Sub-task
>            Reporter: Shane Kumpf
>            Assignee: Shane Kumpf
>            Priority: Major
>
> Currently, when using the Docker runtime, the filecache directories are mounted read-write
into the Docker containers. Read write access is not necessary. We should make this more restrictive
by changing that mount to read-only.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: yarn-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: yarn-issues-help@hadoop.apache.org


Mime
View raw message