You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@mesos.apache.org by "Adam B (JIRA)" <ji...@apache.org> on 2015/12/01 18:31:11 UTC
[jira] [Commented] (MESOS-3787) As a developer, I'd like to be able
to expand environment variables through the Docker executor.
[ https://issues.apache.org/jira/browse/MESOS-3787?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15034131#comment-15034131 ]
Adam B commented on MESOS-3787:
-------------------------------
Please allow me to express a potential security concern. I hope that our eventual solution addresses this.
If the variable expansion happens as a part of the slave process, run as root, we must ensure that it isn't able to actually execute a command as root or view variable contents that only root should see, since the variable/config is set by the framework, not an admin. Rather, the expansion should happen as the TaskInfo.user/FrameworkInfo.user, so that {code}"containerPath": "/data/${USER}"
"hostPath": "${HOME}"{code} should use the task user's name/home, not 'root'.
> As a developer, I'd like to be able to expand environment variables through the Docker executor.
> ------------------------------------------------------------------------------------------------
>
> Key: MESOS-3787
> URL: https://issues.apache.org/jira/browse/MESOS-3787
> Project: Mesos
> Issue Type: Wish
> Reporter: John Garcia
> Labels: mesosphere
> Attachments: mesos.patch, test-example.json
>
>
> We'd like to have expanded variables usable in [the json files used to create a Marathon app, hence] the Task's CommandInfo, so that the executor is able to detect the correct values at runtime.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)