mesos-issues mailing list archives

From "Benjamin Hindman (JIRA)" <>
Subject [jira] [Commented] (MESOS-1593) Add DockerInfo Configuration
Date Wed, 16 Jul 2014 00:17:04 GMT


Benjamin Hindman commented on MESOS-1593:

IIUC, Docker forces us to launch containers as root (I'd be pleasantly surprised if there
was another way). The Docker daemon runs as root (which it must, because it's doing things
like manipulating cgroups) and I believe the process that it forks within the container is
thus root by default.

So, the best we can do is use --user=foo, but an image must be set up to actually have that
user! We can definitely do authz on that user, although it's a little different than a user
running on the host and I'm not sure exactly what doing authz buys us.

(Eventually I believe the hope is that containers will be safe enough that giving them root
from within their container will be safe, even if it's not today.)

> Add DockerInfo Configuration
> ----------------------------
>                 Key: MESOS-1593
>                 URL:
>             Project: Mesos
>          Issue Type: Task
>            Reporter: Timothy Chen
>            Assignee: Timothy Chen
> We want to add a new proto message to encapsulate all Docker related configurations into
> Here is the document that describes the design for DockerInfo:
