+alexander, adam

On Tue, Dec 12, 2017 at 11:31 AM, Yan Xu <y...@jxu.me> wrote:
> Hi,
>
> In https://issues.apache.org/jira/browse/MESOS-8306 I am proposing that we
> use an ACL to restrict the roles that agents can statically reserve
> resources for to address a security concern in which a process on a
> compromised host can impersonate an agent and then reserve
> resources for arbitrary roles.
>
> Reusing `reserve_resources` ACL for this purpose feels intuitive to me and
> I don't think it interferes with its use for authorizing dynamic
> reservations by the frameworks and operators.
>
> Are there any concerns about it?
>
> Also as part of this change I am revising the doc to change the wording on
> static reservations so its use is not discouraged:
> https://reviews.apache.org/r/64516/diff
>
> Thanks,
> Yan