Yan Xu created MESOS-3467:
-----------------------------
Summary: Provide the users with a fully writable filesystem
Key: MESOS-3467
URL: https://issues.apache.org/jira/browse/MESOS-3467
Project: Mesos
Issue Type: Story
Reporter: Yan Xu

In the first phase of filesystem provisioning and isolation we are disallowing
(or at least should, especially in the case of CopyBackend) users from writing
outside the sandbox without explicitly mounting specific volumes into the
container. We do this even when OverlayBackend can potentially support an empty
writable top layer.

However, in real-world use of containers (and for people coming from the VM
world), users and applications are often used to being able to write to the
full filesystem (restricted by plain file system permissions), with reasons
ranging from applications being non-portable (filesystem-wise) to the need to
do custom installs at run time to system directories (inside their container).

In general, it's a good practice to restrict the application to write to
confined locations, and software dependencies can be managed through
pre-packaged layers, but these often introduce a high entry barrier for users.

We should discuss a solution that gives the users the option to write to a full
filesystem with a filesystem layer on top of provisioned images and optionally
enable persistence of that layer through persistent volumes. This has
implications for the management of user namespaces and resource reservations and
requires a thorough design.