Hi all,
As Mesos is adding more features to its Unified Containerizer[1], the
ability to run Mesos containers in a secure environment has been one of the top
priorities. As an initial step, we could use POSIX capabilities[2] to create a
secure sandbox to run the Mesos containers.
Please review the design doc that proposes how we can secure Mesos
containers using capabilities:
https://docs.google.com/document/d/1YiTift8TQla2vq3upQr7K-riQ_pQ-FKOCOsysQJROGc/edit?usp=sharing

Thanks,
Jojy

[1] http://mesos.apache.org/documentation/latest/mesos-containerizer/
[2] https://www.kernel.org/pub/linux/libs/security/linux-privs/kernel-2.2/capfaq-0.2.txt
