+alexander, adam

On Tue, Dec 12, 2017 at 11:31 AM, Yan Xu <y...@jxu.me> wrote:

> Hi,
>
> In https://issues.apache.org/jira/browse/MESOS-8306 I am proposing that we
> use an ACL to restrict the roles that agents can statically reserve
> resources for to address a security concern in which a process on a
> compromised host can impersonate an agent and then then reservation
> resources for arbitrary roles.
>
> Resuing `reserve_resources` ACL for this purpose feels intuitive to me and
> I don't think it interferes with its use for authorizing dynamic
> reservations by the frameworks and operators.
>
> Are there any concerns about it?
>
> Also as part of this change I am revising the doc to change the wording on
> static reservations so its use is not discouraged:
> https://reviews.apache.org/r/64516/diff
>
> Thanks,
> Yan
>

Reply via email to