You are viewing a plain text version of this content. The canonical link for it is here.
Posted to yarn-issues@hadoop.apache.org by "Eric Badger (JIRA)" <ji...@apache.org> on 2019/03/01 16:17:00 UTC
[jira] [Commented] (YARN-7904) Privileged, trusted containers need
all of their bind-mounted directories to be read-only
[ https://issues.apache.org/jira/browse/YARN-7904?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16781838#comment-16781838 ]
Eric Badger commented on YARN-7904:
-----------------------------------
lgtm +1 (non-binding)
> Privileged, trusted containers need all of their bind-mounted directories to be read-only
> -----------------------------------------------------------------------------------------
>
> Key: YARN-7904
> URL: https://issues.apache.org/jira/browse/YARN-7904
> Project: Hadoop YARN
> Issue Type: Sub-task
> Reporter: Eric Badger
> Assignee: Eric Yang
> Priority: Major
> Labels: Docker
> Attachments: YARN-7904.001.patch, YARN-7904.004.patch, YARN-7904.005.patch, YARN-7904.006.patch, YARN-8805.002.patch, YARN-8805.003.patch
>
>
> Since they will be running as some other user than themselves, the NM likely won't be able to clean up after them because of permissions issues. So, to prevent this, we should make these directories read-only.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: yarn-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: yarn-issues-help@hadoop.apache.org