[
https://issues.apache.org/jira/browse/MESOS-3467?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14908137#comment-14908137
]
Artem Harutyunyan commented on MESOS-3467:
------------------------------------------
Can we please get a shepherd for this ticket?
> Provide the users with a fully writable filesystem
> --------------------------------------------------
>
> Key: MESOS-3467
> URL: https://issues.apache.org/jira/browse/MESOS-3467
> Project: Mesos
> Issue Type: Story
> Reporter: Yan Xu
>
> In the first phase of filesystem provisioning and isolation we are
> disallowing (or at least should, especially in the case of CopyBackend) users
> to write outside the sandbox without explicitly mounting specific volumes
> into the container. We do this even when OverlayBackend can potentially
> support an empty writable top layer.
> However in the real world use of containers (and for people coming from the
> VM world), users and applications often are used to being able to write to
> the full filesystem (restricted by plain file system permissions) with
> reasons ranging from applications being non-portable (filesystem-wise) to the
> need to do custom installs at run time to system directories (inside its
> container).
> In general, it's a good practice to restrict the application to write to
> confined locations and software dependencies can be managed through
> pre-packaged layers but these often introduce a high entry barrier for users.
> We should discuss a solution that gives the users the option to write to a
> full filesystem with a filesystem layer on top of provisioned images and
> optionally enable persistence of that layer through persistent volumes. This
> has implications in the management of user namespaces and resource
> reservations and requires a thorough design.