[
https://issues.apache.org/jira/browse/MESOS-5081?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15233055#comment-15233055
]
Greg Mann commented on MESOS-5081:
----------------------------------
Have you seen this [~jieyu]? Looks like something that should be addressed soon.
> Posix disk isolator allows unrestricted sandbox disk usage if the
> executor/task doesn't specify disk resource
> -------------------------------------------------------------------------------------------------------------
>
> Key: MESOS-5081
> URL: https://issues.apache.org/jira/browse/MESOS-5081
> Project: Mesos
> Issue Type: Bug
> Components: containerization
> Reporter: Yan Xu
> Labels: mesosphere
> Fix For: 0.29.0
>
>
> This is the case even if {{flags.enforce_container_disk_quota}} is true. When
> a task/executor doesn't specify a disk resource, it still gets to write to
> the container sandbox. However the posix disk isolator doesn't limit it.
> Even though tasks always have access to the sandbox, it should be able to
> write zero bytes if it doesn't have any {{disk}} resource (it can still touch
> files). This likely will cause tasks to immediately fail due to
> stdout/stderr/executor download, etc. but should be the correct behavior
> (when {{flags.enforce_container_disk_quota}} is true).
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
