[ https://issues.apache.org/jira/browse/YARN-7066?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16204321#comment-16204321 ]

Eric Yang commented on YARN-7066:
---------------------------------

[~ebadger]

Security restrictions will be enforced by:
# Check for sudo privileges for launching privileged container (YARN-7221)
# Enforced effective uid:gid (YARN-4266)
# Black listed volume (YARN-7197)
# Allowed white list volume (YARN-5534)

For privileged users, there are minimum restrictions. For unprivileged users, they can express a path to mount, but they will be blocked from unauthorized areas or by their own uid:gid privileges to the file system ACL. When the listed security defects are solved, this feature will be as good as accessing the local file system ACL.

> Add ability to specify volumes to mount for DockerContainerRuntime
> ------------------------------------------------------------------
>
>                 Key: YARN-7066
>                 URL: https://issues.apache.org/jira/browse/YARN-7066
>             Project: Hadoop YARN
>          Issue Type: Sub-task
>          Components: yarn-native-services
>    Affects Versions: 3.0.0-beta1
>            Reporter: Eric Yang
>         Attachments: YARN-7066.001.patch, YARN-7066.002.patch
>
>
> Yarnfile describes environment, docker image, and configuration template for
> launching docker containers in YARN. It would be nice to have the ability to
> specify the volumes to mount. This can be used in combination with
> AMBARI-21748 to mount HDFS as data directories to docker containers.