Jay Buffington created MESOS-2542:
-------------------------------------
Summary: mesos containerizer should not allow tasks to run as root inside scheduler specified rootfs
Key: MESOS-2542
URL: https://issues.apache.org/jira/browse/MESOS-2542
Project: Mesos
Issue Type: Technical task
Components: containerization
Reporter: Jay Buffington

If a task has root in the container it’s fairly well documented how to break
out of the chroot and get root privs outside the container. Therefore, when
the mesos containerizer specifies an arbitrary rootfs to chroot into we need to
be careful to not allow the task to get root access.

There are likely at least two options to consider here. One is user
namespaces[1] wherein the user has “root” inside the container, but outside the
container that root user is mapped to an unprivileged user. Another option is
to mount all user specified rootfs with a nosetuid flag and strictly control
/etc/passwd.

[1] https://lwn.net/Articles/532593/
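
A way to audit the two options named in the issue, as an added example that is not part of the original report or of Mesos: it parses the `/proc/<pid>/uid_map` format to see which outside UID the container's root maps to, and checks a `/proc/mounts`-style entry for the Linux `nosuid` mount option. The sample map contents, the mount table and the `/srv/example/...` paths are constructed.

```python
# Added example: audit helpers for the two mitigations the issue proposes.
# All sample data and paths below are constructed for illustration.

def map_to_host(uid_map_text, inside_id):
    """Translate an ID inside a user namespace to the ID outside it.

    Each uid_map line is "<inside-start> <outside-start> <length>".
    Returns None when inside_id has no mapping.
    """
    for line in uid_map_text.splitlines():
        fields = line.split()
        if len(fields) != 3:
            continue
        inside, outside, length = (int(f) for f in fields)
        if inside <= inside_id < inside + length:
            return outside + (inside_id - inside)
    return None


def root_is_unprivileged(uid_map_text):
    """True when UID 0 in the namespace is not UID 0 outside it."""
    return map_to_host(uid_map_text, 0) != 0


def rootfs_is_nosuid(mounts_text, rootfs):
    """True when the topmost mount on rootfs carries the nosuid option."""
    nosuid = False
    for line in mounts_text.splitlines():
        fields = line.split()
        if len(fields) >= 4 and fields[1] == rootfs:
            nosuid = "nosuid" in fields[3].split(",")  # later mounts win
    return nosuid


# Constructed samples: identity map of the initial namespace vs. a remapped one.
HOST_MAP = "         0          0 4294967295\n"
USERNS_MAP = "         0     100000      65536\n"
MOUNTS = (
    "/dev/sda1 / ext4 rw,relatime 0 0\n"
    "/dev/loop0 /srv/example/rootfs-a ext4 rw,nosuid,nodev,relatime 0 0\n"
    "/dev/loop1 /srv/example/rootfs-b ext4 rw,relatime 0 0\n"
)

if __name__ == "__main__":
    for name, text in (("host", HOST_MAP), ("userns", USERNS_MAP)):
        print(name, "root maps to", map_to_host(text, 0),
              "unprivileged:", root_is_unprivileged(text))
    for path in ("/srv/example/rootfs-a", "/srv/example/rootfs-b"):
        print(path, "nosuid:", rootfs_is_nosuid(MOUNTS, path))
```

On a live host the same functions can be fed the contents of `/proc/<pid>/uid_map` for the task's process and `/proc/mounts`, read from the initial namespace.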