Posted to issues@mesos.apache.org by "Adam B (JIRA)" <ji...@apache.org> on 2016/04/14 01:44:25 UTC

[jira] [Commented] (MESOS-1790) Add "chown" option to CommandInfo.URI

    [ https://issues.apache.org/jira/browse/MESOS-1790?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15240262#comment-15240262 ] 

Adam B commented on MESOS-1790:
-------------------------------

[~jieyu] recently brought to my attention the container security work going on in MESOS-4936, which will allow a framework to explicitly request to have SETUID capability on its containers. In that case, it's OK that Mesos chowns those binaries, because the executor process will still have the capability to do setuid.
The capabilities work will hopefully land in 0.29.
See https://docs.google.com/document/d/1YiTift8TQla2vq3upQr7K-riQ_pQ-FKOCOsysQJROGc/edit#

> Add "chown" option to CommandInfo.URI
> -------------------------------------
>
>                 Key: MESOS-1790
>                 URL: https://issues.apache.org/jira/browse/MESOS-1790
>             Project: Mesos
>          Issue Type: Improvement
>            Reporter: Vinod Kone
>            Assignee: Jim Klucar
>              Labels: myriad, newbie
>         Attachments: 0001-MESOS-1790-Adds-chown-option-to-CommandInfo.URI.patch
>
>
> Mesos fetcher always chown()s the extracted executor URIs as the executor user but sometimes this is not desirable, e.g., "setuid" bit gets lost during chown() if slave/fetcher is running as root. 
> It would be nice to give frameworks the ability to skip the chown.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
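The side effect described in the issue (setuid lost during chown()), shown as an added example that is not part of the original message or of the Mesos code base: a small audit that chowns an extracted directory tree and reports which files carried setuid/setgid bits beforehand and what mode they ended up with. The function names and the sample sandbox layout are constructed for illustration; it chowns to the current uid/gid so it runs without root, and it assumes Linux, where chown() clears the setuid bit on executables even when the owner does not change.

```python
import os
import stat
import tempfile

SPECIAL = stat.S_ISUID | stat.S_ISGID


def chown_tree_audit(root, uid, gid):
    """chown every regular file under root (hypothetical helper).

    Returns {relative_path: (mode_before, mode_after)} for each file that
    had a setuid or setgid bit before the ownership change.
    """
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if not stat.S_ISREG(st.st_mode):
                continue  # skip symlinks and special files
            before = stat.S_IMODE(st.st_mode)
            os.chown(path, uid, gid, follow_symlinks=False)
            after = stat.S_IMODE(os.lstat(path).st_mode)
            if before & SPECIAL:
                report[os.path.relpath(path, root)] = (before, after)
    return report


def build_sample_sandbox(root):
    """Constructed sample: one setuid helper and one ordinary executable."""
    for rel, mode in (("bin/helper", 0o4755), ("bin/plain", 0o755)):
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as f:
            f.write("#!/bin/sh\n")
        os.chmod(path, mode)


def demo():
    with tempfile.TemporaryDirectory() as root:
        build_sample_sandbox(root)
        return chown_tree_audit(root, os.getuid(), os.getgid())


if __name__ == "__main__":
    for rel, (before, after) in demo().items():
        lost = (before & ~after) & SPECIAL
        print(f"{rel}: {before:04o} -> {after:04o} (lost bits {lost:04o})")
```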