[ 
https://issues.apache.org/jira/browse/YARN-5534?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16169188#comment-16169188
 ] 

Eric Yang commented on YARN-5534:
---------------------------------

[~miklos.szeg...@cloudera.com] It's a cute perspective, but there might be 
usability issues.  Today, it is possible to keep container-executor.cfg read 
only to root and yarn user.  Authorized and banned users are only known to root 
user and yarn user.  This is similar to the sudoers file, which manages who has 
sudoers rights.  

On the other hand, file system mount points need to be known by all users 
who would like to use mount points.  It would be more convenient to give 
everyone read access to the file system mount point file, like /etc/fstab.  

If the volume white list is mixed with user privilege control, then we lose some 
flexibility to keep banned users a secret, or we lose the ability to know what 
mount points can be used.  For this reason, I prefer to keep the volume white 
list separate from container-executor.cfg, for separation of duty from a 
security point of view.
However, a volume black list maintained in container-executor.cfg can make 
an attack more difficult.

> Allow whitelisted volume mounts 
> --------------------------------
>
>                 Key: YARN-5534
>                 URL: https://issues.apache.org/jira/browse/YARN-5534
>             Project: Hadoop YARN
>          Issue Type: Sub-task
>          Components: yarn
>            Reporter: luhuichun
>            Assignee: Shane Kumpf
>         Attachments: YARN-5534.001.patch, YARN-5534.002.patch, 
> YARN-5534.003.patch
>
>
> Introduction 
> Mounting files or directories from the host is one way of passing 
> configuration and other information into a docker container. 
> We could allow the user to set a list of mounts in the environment of 
> ContainerLaunchContext (e.g. /dir1:/targetdir1,/dir2:/targetdir2). 
> These would be mounted read-only to the specified target locations. This has 
> been resolved in YARN-4595
> 2.Problem Definition
> But mounting arbitrary volumes into a Docker container can be a security risk.
> 3.Possible solutions
> One approach to provide safe mounts is to allow the cluster administrator to 
> configure a set of parent directories as white list mounting directories.
>  Add a property named yarn.nodemanager.volume-mounts.white-list; when the 
> container executor does mount checking, only the allowed directories or 
> sub-directories can be mounted. 
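
The parent-directory check proposed in the issue description above, written out as an added example (it is not code from this message or from the attached YARN patches). The function names `path_is_under` and `mount_allowed` and the sample paths are assumptions; both the requested source and the whitelist entries are canonicalized with realpath() before comparison.

```c
#define _XOPEN_SOURCE 700              /* for realpath() */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Return 1 if canonical `path` equals canonical `parent` or lies beneath it.
 * A bare prefix match is not enough: "/data" must not match "/database". */
int path_is_under(const char *path, const char *parent)
{
    size_t n = strlen(parent);
    if (parent[0] != '/' || path[0] != '/')
        return 0;                      /* absolute paths only */
    while (n > 1 && parent[n - 1] == '/')
        n--;                           /* ignore trailing slashes */
    if (n == 1)
        return 1;                      /* parent is "/" */
    if (strncmp(path, parent, n) != 0)
        return 0;
    return path[n] == '\0' || path[n] == '/';
}

/* Return 1 if host path `source` may be mounted. Both sides are resolved
 * with realpath(), so "..", "." and symlinks cannot step outside a
 * whitelisted parent. Fails closed when the source cannot be resolved. */
int mount_allowed(const char *source, const char *const *whitelist, size_t count)
{
    char *real_src = realpath(source, NULL);
    int allowed = 0;
    if (real_src == NULL)
        return 0;
    for (size_t i = 0; i < count && !allowed; i++) {
        char *real_parent = realpath(whitelist[i], NULL);
        if (real_parent != NULL) {
            allowed = path_is_under(real_src, real_parent);
            free(real_parent);
        }
    }
    free(real_src);
    return allowed;
}

int main(void)
{
    /* Constructed whitelist and requests; paths chosen to exist on Linux. */
    const char *const wl[] = { "/usr" };
    const char *req[] = { "/usr/.", "/usr/../etc", "/no/such/dir" };
    for (size_t i = 0; i < 3; i++)
        printf("%-14s %s\n", req[i], mount_allowed(req[i], wl, 1) ? "allow" : "deny");
}
```

The result only holds for the path as it resolved at check time; a checker that runs separately from the actual mount still has to ensure the directory tree cannot be changed in between.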


