[ https://issues.apache.org/jira/browse/YARN-5534?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16091851#comment-16091851 ]
Daniel Templeton commented on YARN-5534: ---------------------------------------- I agree with the opt-in model guarded by the admin-defined whitelist. I also fail to see the use case for admin-enforced mounts. The nature of a container is that it's inscrutable by the system, so there's no telling what's in there or whether any given mount point makes any sense. Given that these mounts are read-only and wholly at the discretion of the admin, I don't see that it should be much of a risk. The main use case for the feature is to make the Hadoop directory mountable by the container, and I see no risk there. As long as we clearly document the risks in the feature docs, I don't see the need to add training wheels to try to keep admins from shooting themselves in the foot. > Allow whitelisted volume mounts > -------------------------------- > > Key: YARN-5534 > URL: https://issues.apache.org/jira/browse/YARN-5534 > Project: Hadoop YARN > Issue Type: Sub-task > Components: yarn > Reporter: luhuichun > Assignee: Shane Kumpf > Attachments: YARN-5534.001.patch, YARN-5534.002.patch > > > Introduction > Mounting files or directories from the host is one way of passing > configuration and other information into a docker container. > We could allow the user to set a list of mounts in the environment of > ContainerLaunchContext (e.g. /dir1:/targetdir1,/dir2:/targetdir2). > These would be mounted read-only to the specified target locations. This has > been resolved in YARN-4595 > 2.Problem Definition > Bug mounting arbitrary volumes into a Docker container can be a security risk. > 3.Possible solutions > one approach to provide safe mounts is to allow the cluster administrator to > configure a set of parent directories as white list mounting directories. > Add a property named yarn.nodemanager.volume-mounts.white-list, when > container executor do mount checking, only the allowed directories or > sub-directories can be mounted. -- This message was sent by Atlassian JIRA (v6.4.14#64029) --------------------------------------------------------------------- To unsubscribe, e-mail: yarn-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: yarn-issues-h...@hadoop.apache.org