[
https://issues.apache.org/jira/browse/MESOS-5153?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15303836#comment-15303836
]
Adam B commented on MESOS-5153:
-------------------------------
Still reviewing: ACCESS_MESOS_LOGS
https://reviews.apache.org/r/47921/
In addition, we'll need to update the files endpoint help (and autogenerated
endpoint docs), and perhaps authorization.md.
> Sandboxes contents should be protected from unauthorized users
> --------------------------------------------------------------
>
> Key: MESOS-5153
> URL: https://issues.apache.org/jira/browse/MESOS-5153
> Project: Mesos
> Issue Type: Bug
> Components: security, slave
> Reporter: Alexander Rojas
> Assignee: Alexander Rojas
> Labels: mesosphere, security
> Fix For: 0.29.0
>
>
> MESOS-4956 introduced authentication support for the sandboxes. However,
> authentication can only go as far as to tell whether an user is known to
> mesos or not. An extra additional step is necessary to verify whether the
> known user is allowed to executed the requested operation on the sandbox
> (browse, read, download, debug).
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
