mesos-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Yan Xu (JIRA)" <j...@apache.org>
Subject [jira] [Created] (MESOS-6526) `mesos-containerizer launch --environment` exposes executor env vars in `ps`.
Date Tue, 01 Nov 2016 22:31:58 GMT
Yan Xu created MESOS-6526:
-----------------------------

             Summary: `mesos-containerizer launch --environment` exposes executor env vars
in `ps`.
                 Key: MESOS-6526
                 URL: https://issues.apache.org/jira/browse/MESOS-6526
             Project: Mesos
          Issue Type: Bug
          Components: containerization
    Affects Versions: 1.1.0
            Reporter: Yan Xu
            Priority: Critical


With MESOS-6323, the helper {{mesos-containerizer launch}} takes a `--environment` flag for
the env vars used by the executor. This is unpleasant because its a common practice that people
use env vars to hide configs that are sensitive and not it's visible to non-root users on
the host with a {{ps}} command.

Given that we want to separate the environments of {{mesos-containerizer launch}} and the
executor itself, perhaps we can just package and serialize the executor env vars in one env
var {{MESOS_EXECUTOR_ENVIRONMENT}} and pass that to {{mesos-containerizer launch}} which could
then get it through a flag the usual way. 

In general Mesos should do more to protect env vars but I'll file separate issues for them.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message