[ https://issues.apache.org/jira/browse/MESOS-3787?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15034131#comment-15034131 ]

Adam B commented on MESOS-3787:
-------------------------------

Please allow me to express a potential security concern. I hope that our 
eventual solution addresses this.
If the variable expansion happens as a part of the slave process, run as root, 
we must ensure that it isn't able to actually execute a command as root or view 
variable contents that only root should see, since the variable/config is set 
by the framework, not an admin. Rather, the expansion should happen as the 
TaskInfo.user/FrameworkInfo.user, so that {code}"containerPath": "/data/${USER}"
"hostPath": "${HOME}"{code} should use the task user's name/home, not 'root'.

> As a developer, I'd like to be able to expand environment variables through 
> the Docker executor.
> ------------------------------------------------------------------------------------------------
>
>                 Key: MESOS-3787
>                 URL: https://issues.apache.org/jira/browse/MESOS-3787
>             Project: Mesos
>          Issue Type: Wish
>            Reporter: John Garcia
>              Labels: mesosphere
>         Attachments: mesos.patch, test-example.json
>
>
> We'd like to have expanded variables usable in [the json files used to create 
> a Marathon app, hence] the Task's CommandInfo, so that the executor is able 
> to detect the correct values at runtime.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
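
The concern raised in the comment above, as an added sketch that is not part of the original message and is not Mesos code: expand only ${USER} and ${HOME}, take their values from the task user's passwd entry rather than the root agent's environment, and never hand the string to a shell. The names TaskUser, lookupTaskUser and expandForTask are hypothetical, and the sample user "nobody" is constructed.

```cpp
#include <iostream>
#include <map>
#include <string>
#include <pwd.h>

// Hypothetical type (not Mesos code): the account the task runs as.
struct TaskUser { std::string name; std::string home; };

// Resolve TaskInfo.user/FrameworkInfo.user from the passwd database,
// never from the agent's own (root) environment.
bool lookupTaskUser(const std::string& user, TaskUser* out) {
  struct passwd pw, *res = nullptr;
  char buf[16384];
  if (::getpwnam_r(user.c_str(), &pw, buf, sizeof(buf), &res) != 0 || !res)
    return false;
  *out = TaskUser{res->pw_name, res->pw_dir};
  return true;
}

// Expand only ${USER} and ${HOME}, using the task user's values. No shell
// is invoked; "$(...)", backticks, "$VAR" and unknown names are rejected
// instead of being passed through to anything that might evaluate them.
bool expandForTask(const std::string& in, const TaskUser& u, std::string* out) {
  const std::map<std::string, std::string> allowed = {
      {"USER", u.name}, {"HOME", u.home}};
  std::string result;
  for (size_t i = 0; i < in.size(); ++i) {
    if (in[i] == '`') return false;
    if (in[i] != '$') { result += in[i]; continue; }
    if (i + 1 >= in.size() || in[i + 1] != '{') return false;
    size_t end = in.find('}', i + 2);
    if (end == std::string::npos) return false;
    auto it = allowed.find(in.substr(i + 2, end - i - 2));
    if (it == allowed.end()) return false;
    result += it->second;  // inserted verbatim, never re-scanned
    i = end;
  }
  *out = result;
  return true;
}

int main() {
  TaskUser u;  // "nobody" is a constructed sample task user
  if (!lookupTaskUser("nobody", &u)) u = TaskUser{"nobody", "/nonexistent"};
  std::string path;
  for (const char* s : {"/data/${USER}", "${HOME}", "/data/$(id)"})
    std::cout << s << " -> "
              << (expandForTask(s, u, &path) ? path : "REJECTED") << "\n";
}
```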
