Silas Snider created MESOS-7268:
-----------------------------------
Summary: CNI isolator should mount network related /etc/* files in readonly mode
Key: MESOS-7268
URL: https://issues.apache.org/jira/browse/MESOS-7268
Project: Mesos
Issue Type: Bug
Components: containerization, network
Reporter: Silas Snider
Assignee: Silas Snider

The CNI isolator bind mounts, even for containers using host networking,
several files from /etc, such as resolv.conf. These should be mounted as
readonly inside the container to prevent users running inside the container as
root from being able to affect the external machine.
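One way to audit the condition described in this ticket, as an added example that is not part of the original report or of Mesos: parse `/proc/<pid>/mountinfo` from inside a container and list which watched `/etc` files are still mounted writable. The watch list beyond `resolv.conf`, the sample lines, and the "last line for a path wins" rule are assumptions made for illustration.

```python
import re

# Assumption: the ticket names only resolv.conf ("such as"); hosts and
# hostname are illustrative additions to the watch list.
WATCHED = {"/etc/resolv.conf", "/etc/hosts", "/etc/hostname"}

# Constructed sample in /proc/<pid>/mountinfo format (not captured from Mesos).
SAMPLE = """\
22 1 8:1 / / rw,relatime - ext4 /dev/sda1 rw
310 22 8:1 /sandbox/etc/hosts /etc/hosts ro,relatime - ext4 /dev/sda1 rw
311 22 8:1 /etc/resolv.conf /etc/resolv.conf rw,relatime - ext4 /dev/sda1 rw
312 22 8:1 /sandbox/etc/hostname /etc/hostname rw,relatime shared:5 - ext4 /dev/sda1 rw
"""

def _unescape(field):
    # mountinfo writes space, tab, newline and backslash as \ooo octal escapes.
    return re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), field)

def parse_mountinfo(text):
    """Yield (mount_point, per_mount_opts, super_opts) for each valid line."""
    for line in text.splitlines():
        left, sep, right = line.partition(" - ")
        lf, rf = left.split(), right.split()
        if not sep or len(lf) < 6 or len(rf) < 3:
            continue  # skip malformed lines
        yield _unescape(lf[4]), set(lf[5].split(",")), set(rf[2].split(","))

def writable_watched(text, watched=WATCHED):
    """Return the watched mount points whose topmost mount is writable."""
    state = {}
    for mount_point, mnt_opts, super_opts in parse_mountinfo(text):
        if mount_point in watched:
            # A read-only bind mount shows "ro" in the per-mount options
            # (field 6) even when the superblock options still say "rw".
            # Simplification: a later line for the same path shadows earlier ones.
            state[mount_point] = "ro" in mnt_opts or "ro" in super_opts
    return sorted(p for p, read_only in state.items() if not read_only)

if __name__ == "__main__":
    try:
        with open("/proc/self/mountinfo") as fh:
            text = fh.read()
    except OSError:
        text = SAMPLE  # fall back to the constructed sample off Linux
    for path in writable_watched(text):
        print(f"writable: {path}")
```

Run inside the container's mount namespace, any path it prints is a bind mount that a root user in the container can still write through.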