[jira] [Commented] (YARN-5534) Allow whitelisted volume mounts

Mon, 18 Sep 2017 15:12:47 -0700 

    [ 
https://issues.apache.org/jira/browse/YARN-5534?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16170803#comment-16170803
 ] 

Eric Yang commented on YARN-5534:
---------------------------------

[~miklos.szeg...@cloudera.com]  I think core-site.xml make most sense to ensure 
both hdfs and yarn can agree on same security setting even though hdfs service 
doesn't require knowledge of this today.  The idea of global white list and job 
specific white lists, have their own attractiveness.

However, I think having global white list in container-executor.cfg might be 
risky.  If the information is leaked and admin did not secure white list mount 
point properly, then the system could be vulnerable to attack.  For white list, 
more eye balls can examine the configuration, would make the system more 
secure.  On the other hand, if a black list is to be implemented, then it might 
have advantage to be in container-executor.cfg and readable by root only.  
Basic security through obscurity can be performed with some level of 
effectiveness.

> Allow whitelisted volume mounts 
> --------------------------------
>
>                 Key: YARN-5534
>                 URL: https://issues.apache.org/jira/browse/YARN-5534
>             Project: Hadoop YARN
>          Issue Type: Sub-task
>          Components: yarn
>            Reporter: luhuichun
>            Assignee: Shane Kumpf
>         Attachments: YARN-5534.001.patch, YARN-5534.002.patch, 
> YARN-5534.003.patch
>
>
> Introduction 
> Mounting files or directories from the host is one way of passing 
> configuration and other information into a docker container. 
> We could allow the user to set a list of mounts in the environment of 
> ContainerLaunchContext (e.g. /dir1:/targetdir1,/dir2:/targetdir2). 
> These would be mounted read-only to the specified target locations. This has 
> been resolved in YARN-4595
> 2.Problem Definition
> Bug mounting arbitrary volumes into a Docker container can be a security risk.
> 3.Possible solutions
> one approach to provide safe mounts is to allow the cluster administrator to 
> configure a set of parent directories as white list mounting directories.
>  Add a property named yarn.nodemanager.volume-mounts.white-list, when 
> container executor do mount checking, only the allowed directories or 
> sub-directories can be mounted. 



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

---------------------------------------------------------------------
To unsubscribe, e-mail: yarn-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: yarn-issues-h...@hadoop.apache.org

Reply via email to