mesos-issues mailing list archives

From "James Peach (JIRA)" <>
Subject [jira] [Commented] (MESOS-8332) Narrow the container sandbox permissions.
Date Thu, 14 Dec 2017 01:17:03 GMT


James Peach commented on MESOS-8332:

In tests, I notice that {{chown}} on the executor sandbox path logs a warning but doesn't
cause a failure, but {{chown}} on nested and standalone container paths fails the container.
There might be some compatibility concern around making this behavior consistent since frameworks
can currently be sloppy with their user names without failing.

> Narrow the container sandbox permissions.
> -----------------------------------------
>                 Key: MESOS-8332
>                 URL:
>             Project: Mesos
>          Issue Type: Improvement
>          Components: containerization
>            Reporter: James Peach
>            Assignee: James Peach
>            Priority: Minor
> Sandboxes are currently created with 0755 permissions, which allows anyone with local
> machine access to inspect their contents. We should make them 0750 to limit access to the
> owning user and group.

This message was sent by Atlassian JIRA
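
An added example, not part of the original message and not Mesos code: a check an operator could run over a sandbox root to list directories that still grant any access to "other", and to clear those bits so that 0755 becomes 0750 as the issue proposes. The directory names are constructed stand-ins, not the real Mesos sandbox layout.

```python
import os
import stat
import tempfile

NARROW_MODE = 0o750  # mode proposed in the issue: owner rwx, group r-x, other none


def other_accessible(root):
    """Return (path, mode) for each directory at or under root that grants
    any permission bit to 'other' (the 0o007 bits)."""
    findings = []
    for dirpath, _dirnames, _filenames in os.walk(root):
        mode = stat.S_IMODE(os.lstat(dirpath).st_mode)
        if mode & stat.S_IRWXO:
            findings.append((dirpath, mode))
    return findings


def narrow(path):
    """Clear the 'other' bits on path, leaving owner and group bits untouched.
    Returns the resulting mode."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    os.chmod(path, mode & ~stat.S_IRWXO)
    return stat.S_IMODE(os.stat(path).st_mode)


def demo():
    # Constructed layout: two stand-in sandbox directories inside a temp dir.
    with tempfile.TemporaryDirectory() as root:
        wide = os.path.join(root, "sandbox-wide")
        tight = os.path.join(root, "sandbox-tight")
        os.mkdir(wide)
        os.chmod(wide, 0o755)         # current behaviour described in the issue
        os.mkdir(tight)
        os.chmod(tight, NARROW_MODE)  # explicit chmod: mkdir's mode is masked by umask
        before = [(os.path.basename(p), m) for p, m in other_accessible(root)]
        after_mode = narrow(wide)
        after = other_accessible(root)
        return before, after_mode, after


if __name__ == "__main__":
    print(demo())
```

Narrowing the mode only removes access for users outside the owning user and group, so the directory's ownership still has to be correct for the task user to reach its own sandbox.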
