[
https://issues.apache.org/jira/browse/YARN-4595?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15225109#comment-15225109
]
Billie Rinaldi commented on YARN-4595:
--------------------------------------
bq. a) where is the filter in this patch being applied to limit it to the
distributed cache?
It doesn't exist yet; I'll work on a new patch based on this discussion.
bq. b) where is the symlink prevention code? IIRC, using one of those in the
distributed cache would allow for the docker container to be able to access
files/dirs outside of the container after the link is resolved.
If we're thinking of the same symlinks, the symlinks are created in the
launch-container.sh script, which is executed inside the docker container. So
they shouldn't be able to point to something that doesn't exist in the
container.
> Add support for configurable read-only mounts
> ---------------------------------------------
>
> Key: YARN-4595
> URL: https://issues.apache.org/jira/browse/YARN-4595
> Project: Hadoop YARN
> Issue Type: Sub-task
> Components: yarn
> Reporter: Billie Rinaldi
> Assignee: Billie Rinaldi
> Attachments: YARN-4595.1.patch, YARN-4595.2.patch
>
>
> Mounting files or directories from the host is one way of passing
> configuration and other information into a docker container. We could allow
> the user to set a list of mounts in the environment of ContainerLaunchContext
> (e.g. /dir1:/targetdir1,/dir2:/targetdir2). These would be mounted read-only
> to the specified target locations.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
