[
https://issues.apache.org/jira/browse/YARN-4595?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15220585#comment-15220585
]
Vinod Kumar Vavilapalli commented on YARN-4595:
-----------------------------------------------
bq. What's preventing users from mounting files and file systems they shouldn't
have access to?
If we just restrict ourselves to accessing distributed-cache files inside a
docker container, we can simply inherit the permission model that we already
have there - essentially you cannot mount files that you don't already have
access to in the dist-cache and the remote FS.
> Add support for configurable read-only mounts
> ---------------------------------------------
>
> Key: YARN-4595
> URL: https://issues.apache.org/jira/browse/YARN-4595
> Project: Hadoop YARN
> Issue Type: Sub-task
> Components: yarn
> Reporter: Billie Rinaldi
> Assignee: Billie Rinaldi
> Attachments: YARN-4595.1.patch, YARN-4595.2.patch
>
>
> Mounting files or directories from the host is one way of passing
> configuration and other information into a docker container. We could allow
> the user to set a list of mounts in the environment of ContainerLaunchContext
> (e.g. /dir1:/targetdir1,/dir2:/targetdir2). These would be mounted read-only
> to the specified target locations.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
