[
https://issues.apache.org/jira/browse/YARN-7066?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16144627#comment-16144627
]
Eric Yang commented on YARN-7066:
---------------------------------
[~ebadger] Yes, I agree.
[[email protected]] I think this is a better solution than a predefined white
list. The majority of Docker images have arbitrarily defined paths for storing
stateful data. A predefined white list will not cover all of them. Hence, using
user-defined volumes is a superior solution to YARN-5534. Given that YARN-4266
is applied to govern the security of the Unix process owner, mounting would not
generate a security hole.
YARN-6623 seems like a very big patch for privileged on/off. It looks like
an attempt to shift Java logic to C code. The C code is running with root
privileges; it would be better to keep privileged code simple to reduce
security holes. I can wait for YARN-6623 to be completed, then update this
JIRA to use the new code.
> Add ability to specify volumes to mount for DockerContainerRuntime
> ------------------------------------------------------------------
>
> Key: YARN-7066
> URL: https://issues.apache.org/jira/browse/YARN-7066
> Project: Hadoop YARN
> Issue Type: Sub-task
> Components: yarn-native-services
> Affects Versions: 3.0.0-beta1
> Reporter: Eric Yang
> Attachments: YARN-7066.001.patch
>
>
> Yarnfile describes the environment, Docker image, and configuration template for
> launching Docker containers in YARN. It would be nice to have the ability to
> specify the volumes to mount. This can be used in combination with
> AMBARI-21748 to mount HDFS as data directories to Docker containers.