[
https://issues.apache.org/jira/browse/YARN-8642?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16592363#comment-16592363
]
Eric Yang commented on YARN-8642:
---------------------------------
Overall, patch 2 looks promising. I have a few basic questions. YARN supports
launching container as non-privileged user. In Redhat, tmpfs is automatically
created for /run and /run/users/$uid. How to automate mounting of
/run/users/$uid with the current implementation? Do we need to restrict tmpfs
mode to 700 or 770 to make it more secure?
> Add support for tmpfs mounts with the Docker runtime
> ----------------------------------------------------
>
> Key: YARN-8642
> URL: https://issues.apache.org/jira/browse/YARN-8642
> Project: Hadoop YARN
> Issue Type: Sub-task
> Reporter: Shane Kumpf
> Assignee: Craig Condit
> Priority: Major
> Labels: Docker
> Attachments: YARN-8642.001.patch, YARN-8642.002.patch
>
>
> Add support to the existing Docker runtime to allow the user to request tmpfs
> mounts for their containers. For example:
> {code}/usr/bin/docker run --name=container_name --tmpfs /run image
> /bootstrap/start-systemd
> {code}
> One use case is to allow systemd to run as PID 1 in a non-privileged
> container, /run is expected to be a tmpfs mount in the container for that to
> work.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
