[
https://issues.apache.org/jira/browse/YARN-5534?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16255850#comment-16255850
]
Eric Yang commented on YARN-5534:
-
[~shaneku...@gmail.com][~ebadger] . Thanks for the input. I open a
[
https://issues.apache.org/jira/browse/YARN-5534?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16255681#comment-16255681
]
Shane Kumpf commented on YARN-5534:
---
{code}
We can check the origin of the docker image, if it comes from
[
https://issues.apache.org/jira/browse/YARN-5534?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16255612#comment-16255612
]
Eric Badger commented on YARN-5534:
---
Arbitrary docker images will need to be handled separately than what
[
https://issues.apache.org/jira/browse/YARN-5534?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16255583#comment-16255583
]
Eric Yang commented on YARN-5534:
-
[~ebadger] [~shaneku...@gmail.com] In YARN-7430, there was mentioned how
[
https://issues.apache.org/jira/browse/YARN-5534?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16219238#comment-16219238
]
Eric Yang commented on YARN-5534:
-
[~shaneku...@gmail.com] It doesn't look like YARN-6623 contain all
[
https://issues.apache.org/jira/browse/YARN-5534?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16208475#comment-16208475
]
Eric Badger commented on YARN-5534:
---
[~eyang], ah yes good point. I'll try and take a look at those unit
[
https://issues.apache.org/jira/browse/YARN-5534?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16208161#comment-16208161
]
Eric Yang commented on YARN-5534:
-
[~ebadger] YARN-6623 is committed, but there seems to have some issues
[
https://issues.apache.org/jira/browse/YARN-5534?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16208102#comment-16208102
]
Hadoop QA commented on YARN-5534:
-
| (x) *{color:red}-1 overall{color}* |
\\
\\
|| Vote || Subsystem ||
[
https://issues.apache.org/jira/browse/YARN-5534?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16208099#comment-16208099
]
Eric Badger commented on YARN-5534:
---
I think that we can close this as it's been completely superceded by
[
https://issues.apache.org/jira/browse/YARN-5534?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16179209#comment-16179209
]
Eric Yang commented on YARN-5534:
-
[~miklos.szeg...@cloudera.com] White list should be visible to all users
[
https://issues.apache.org/jira/browse/YARN-5534?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16172102#comment-16172102
]
Miklos Szegedi commented on YARN-5534:
--
Thank you, [~eyang] for sharing your thoughts. Sorry, I am
[
https://issues.apache.org/jira/browse/YARN-5534?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16170803#comment-16170803
]
Eric Yang commented on YARN-5534:
-
[~miklos.szeg...@cloudera.com] I think core-site.xml make most sense to
[
https://issues.apache.org/jira/browse/YARN-5534?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16170610#comment-16170610
]
Miklos Szegedi commented on YARN-5534:
--
Thank you, [~eyang] for the comment. Can you please clarify
[
https://issues.apache.org/jira/browse/YARN-5534?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16169188#comment-16169188
]
Eric Yang commented on YARN-5534:
-
[~miklos.szeg...@cloudera.com] It's a cute perspective, but there might
[
https://issues.apache.org/jira/browse/YARN-5534?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16168728#comment-16168728
]
Miklos Szegedi commented on YARN-5534:
--
[~eyang] I would approach this from the user point of new.
[
https://issues.apache.org/jira/browse/YARN-5534?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16168584#comment-16168584
]
Eric Yang commented on YARN-5534:
-
Yarn-site.xml and core-site.xml are trusted configuration from Hdoop
[
https://issues.apache.org/jira/browse/YARN-5534?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16119965#comment-16119965
]
Eric Badger commented on YARN-5534:
---
bq. For example(just made up), an admin may want to mount
[
https://issues.apache.org/jira/browse/YARN-5534?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16119924#comment-16119924
]
Varun Vasudev commented on YARN-5534:
-
It's going to end up being a combination. Some settings have to
[
https://issues.apache.org/jira/browse/YARN-5534?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16118526#comment-16118526
]
Eric Badger commented on YARN-5534:
---
I emailed [~miklos.szeg...@cloudera.com] about this offline, but I'd
[
https://issues.apache.org/jira/browse/YARN-5534?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16113231#comment-16113231
]
Miklos Szegedi commented on YARN-5534:
--
[~ebadger], only the ones that need root access.
> Allow
[
https://issues.apache.org/jira/browse/YARN-5534?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16113207#comment-16113207
]
Eric Badger commented on YARN-5534:
---
So is the assumption here that yarn-site.xml is untrusted and can be
[
https://issues.apache.org/jira/browse/YARN-5534?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16113114#comment-16113114
]
Miklos Szegedi commented on YARN-5534:
--
Thank you, [~shaneku...@gmail.com] and [~vinodkv] for the
[
https://issues.apache.org/jira/browse/YARN-5534?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16112970#comment-16112970
]
Shane Kumpf commented on YARN-5534:
---
>From a usability stand point, I have to agree with
[
https://issues.apache.org/jira/browse/YARN-5534?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16112046#comment-16112046
]
Vinod Kumar Vavilapalli commented on YARN-5534:
---
bq. In general I think this is redundant.
[
https://issues.apache.org/jira/browse/YARN-5534?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16111750#comment-16111750
]
Miklos Szegedi commented on YARN-5534:
--
bq. The config should be there in both the places -
[
https://issues.apache.org/jira/browse/YARN-5534?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16111602#comment-16111602
]
Vinod Kumar Vavilapalli commented on YARN-5534:
---
It does look like YARN-6033 is very close.
[
https://issues.apache.org/jira/browse/YARN-5534?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16111552#comment-16111552
]
Vinod Kumar Vavilapalli commented on YARN-5534:
---
bq. Quick question, should not
[
https://issues.apache.org/jira/browse/YARN-5534?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16111465#comment-16111465
]
Miklos Szegedi commented on YARN-5534:
--
[~shaneku...@gmail.com], container-executor.cfg is only
[
https://issues.apache.org/jira/browse/YARN-5534?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16110834#comment-16110834
]
Varun Vasudev commented on YARN-5534:
-
bq. Thank you for the patch Shane Kumpf. Quick question, should
[
https://issues.apache.org/jira/browse/YARN-5534?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16110829#comment-16110829
]
Shane Kumpf commented on YARN-5534:
---
{quote}
should not white-list-volume-mounts be a setting in
[
https://issues.apache.org/jira/browse/YARN-5534?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16109862#comment-16109862
]
Miklos Szegedi commented on YARN-5534:
--
Thank you for the patch [~shaneku...@gmail.com]. Quick
[
https://issues.apache.org/jira/browse/YARN-5534?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16108037#comment-16108037
]
Hadoop QA commented on YARN-5534:
-
| (x) *{color:red}-1 overall{color}* |
\\
\\
|| Vote || Subsystem ||
[
https://issues.apache.org/jira/browse/YARN-5534?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16093145#comment-16093145
]
Eric Badger commented on YARN-5534:
---
bq. IMO, I think that feature might be better suited as a separate
[
https://issues.apache.org/jira/browse/YARN-5534?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16093026#comment-16093026
]
Shane Kumpf commented on YARN-5534:
---
Thanks [~ebadger] and [~templedf] for the feedback.
{quote}I was
[
https://issues.apache.org/jira/browse/YARN-5534?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16091952#comment-16091952
]
Eric Badger commented on YARN-5534:
---
bq. Can you help me understand the use case here? While there are
[
https://issues.apache.org/jira/browse/YARN-5534?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16091851#comment-16091851
]
Daniel Templeton commented on YARN-5534:
I agree with the opt-in model guarded by the admin-defined
[
https://issues.apache.org/jira/browse/YARN-5534?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16091824#comment-16091824
]
Shane Kumpf commented on YARN-5534:
---
{quote}
So you're proposing having a whitelist of volumes that can
[
https://issues.apache.org/jira/browse/YARN-5534?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16091749#comment-16091749
]
Eric Badger commented on YARN-5534:
---
bq. The admin will define a comma separated list of : (ro or rw)
[
https://issues.apache.org/jira/browse/YARN-5534?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16089762#comment-16089762
]
Daniel Templeton commented on YARN-5534:
I don't see any need to restrict the mount point in the
[
https://issues.apache.org/jira/browse/YARN-5534?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16089755#comment-16089755
]
Hadoop QA commented on YARN-5534:
-
| (x) *{color:red}-1 overall{color}* |
\\
\\
|| Vote || Subsystem ||
[
https://issues.apache.org/jira/browse/YARN-5534?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16089694#comment-16089694
]
Shane Kumpf commented on YARN-5534:
---
[~ebadger] - sorry for the delay here. I'm actively working on this.
[
https://issues.apache.org/jira/browse/YARN-5534?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16076690#comment-16076690
]
Eric Badger commented on YARN-5534:
---
Any update on this?
> Allow whitelisted volume mounts
>
[
https://issues.apache.org/jira/browse/YARN-5534?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16068231#comment-16068231
]
Shane Kumpf commented on YARN-5534:
---
Thanks, [~luhuichun]!
> Allow whitelisted volume mounts
>
[
https://issues.apache.org/jira/browse/YARN-5534?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16068018#comment-16068018
]
luhuichun commented on YARN-5534:
-
[~shaneku...@gmail.com] ok it's ok for me
> Allow whitelisted volume
[
https://issues.apache.org/jira/browse/YARN-5534?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15989104#comment-15989104
]
Shane Kumpf commented on YARN-5534:
---
[~luhuichun] [~tangzhankun] - We're close on this one. Would you
[
https://issues.apache.org/jira/browse/YARN-5534?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15684542#comment-15684542
]
Shane Kumpf commented on YARN-5534:
---
Thanks for the patch [~luhuichun]!
I agree with [~templedf].
[
https://issues.apache.org/jira/browse/YARN-5534?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15684333#comment-15684333
]
Daniel Templeton commented on YARN-5534:
{{validateMount()}} already rejects anything that isn't a
[
https://issues.apache.org/jira/browse/YARN-5534?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15681517#comment-15681517
]
luhuichun commented on YARN-5534:
-
yes, Daniel. YARN-4595 and YARN-5298 only mounts localized directories.
[
https://issues.apache.org/jira/browse/YARN-5534?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15681421#comment-15681421
]
Daniel Templeton commented on YARN-5534:
Thanks for posting the patch, [~luhuichun]. Sorry for
[
https://issues.apache.org/jira/browse/YARN-5534?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15647920#comment-15647920
]
Varun Vasudev commented on YARN-5534:
-
[~luhuichun] - can you please address the issues in the Jenkins
[
https://issues.apache.org/jira/browse/YARN-5534?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15646911#comment-15646911
]
Hadoop QA commented on YARN-5534:
-
| (x) *{color:red}-1 overall{color}* |
\\
\\
|| Vote || Subsystem ||
[
https://issues.apache.org/jira/browse/YARN-5534?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15466568#comment-15466568
]
luhuichun commented on YARN-5534:
-
[~sidharta-s][~vvasudev]
> Allow whitelisted volume mounts
>
[
https://issues.apache.org/jira/browse/YARN-5534?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15426566#comment-15426566
]
Daniel Templeton commented on YARN-5534:
A good use case for this is mounting in the Hadoop
53 matches
Mail list logo