Posted to issues@mesos.apache.org by "Yan Xu (JIRA)" <ji...@apache.org> on 2015/09/18 23:32:04 UTC

[jira] [Created] (MESOS-3467) Provide the users with a fully writable filesystem

Yan Xu created MESOS-3467:
-----------------------------

             Summary: Provide the users with a fully writable filesystem
                 Key: MESOS-3467
                 URL: https://issues.apache.org/jira/browse/MESOS-3467
             Project: Mesos
          Issue Type: Story
            Reporter: Yan Xu


In the first phase of filesystem provisioning and isolation we are disallowing (or at least should, especially in the case of CopyBackend) users from writing outside the sandbox without explicitly mounting specific volumes into the container. We do this even when OverlayBackend can potentially support an empty writable top layer.

However, in real-world use of containers (and for people coming from the VM world), users and applications are often used to being able to write to the full filesystem (restricted by plain file system permissions), with reasons ranging from applications being non-portable (filesystem-wise) to the need to do custom installs at run time to system directories (inside their container).

In general, it's a good practice to restrict the application to write to confined locations, and software dependencies can be managed through pre-packaged layers, but these often introduce a high entry barrier for users.

We should discuss a solution that gives the users the option to write to a full filesystem with a filesystem layer on top of provisioned images and optionally enable persistence of that layer through persistent volumes. This has implications for the management of user namespaces and resource reservations and requires a thorough design.


