[
https://issues.apache.org/jira/browse/MESOS-7476?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16002824#comment-16002824
]
James Peach edited comment on MESOS-7476 at 5/9/17 2:59 PM:
------------------------------------------------------------
I propose to only change the way the `--allowed_capabilities` flag behaves.
Currently this flag grants all capabilities because it assumes that the
effective, permitted and inheritable sets will be cleared by the exec. This
patch changes the behavior of this flag to explicitly pass the bounding set
down so that if task capabilities are not specified, a bounding set can be
applied without adding to the other capability sets.
This bears on MESOS-7477, which will raise task capabilities into the ambient
set, so we don't want `--allowed_capabilities` to actually grant those
capabilities.
was (Author: jamespeach):
I propose to only change the way the `--allowed_capabilities` flag behaves.
Currently this flag grants all capabilities because it assumes that the
effective, permitted and inheritable sets will be cleared by the exec. This
patch changes the behavior of this flag to explicitly pass the bounding set
down so that if task capabilities are not specified, a bounding set can be
applied without adding to the other capability sets.
> Restrict capabilities to only the bounding set.
> -----------------------------------------------
>
> Key: MESOS-7476
> URL: https://issues.apache.org/jira/browse/MESOS-7476
> Project: Mesos
> Issue Type: Bug
> Components: containerization
> Reporter: James Peach
> Assignee: James Peach
>
> As a security improvement, it would be useful to be able to set the bounding
> capability set without also granting those capabilities. This is what the
> {{--allowed_capabilities}} flag sounds like it does.
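The distinction the comment draws, between restricting the bounding set (which grants nothing) and raising task capabilities into the ambient set (which does grant them across exec), as an added C example for this page. It is not Mesos code and not part of this issue; the function names, the "allowed" mask of two capabilities and the one-capability "task" request are all illustrative choices made here. It must run as root (or at least with CAP_SETPCAP) on Linux to actually drop and raise anything; without that privilege the prctl calls report EPERM.

```c
/* Restrict the Linux capability bounding set without granting anything, then
 * raise task capabilities into the ambient set so they survive execve().
 * Example code written for this page, not Mesos source; function names are
 * hypothetical. Needs root / CAP_SETPCAP to actually drop and raise. */
#define _GNU_SOURCE
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <unistd.h>
#include <linux/capability.h>

#ifndef PR_CAP_AMBIENT            /* older sys/prctl.h: values from linux/prctl.h */
#define PR_CAP_AMBIENT 47
#define PR_CAP_AMBIENT_RAISE 2
#endif
#define CAP_BIT(c) (1ULL << (c))

/* Parse a "CapXxx:\t<hex>" line from /proc/self/status. Returns 1 and sets
 * *out when the line carries `key`, 0 otherwise. */
int parse_cap_line(const char *line, const char *key, uint64_t *out) {
    size_t n = strlen(key);
    if (strncmp(line, key, n) != 0 || line[n] != ':') return 0;
    const char *p = line + n + 1;
    while (*p == ' ' || *p == '\t') p++;
    char *end;
    uint64_t v = strtoull(p, &end, 16);
    if (end == p) return 0;
    *out = v;
    return 1;
}

/* Read CapInh, CapPrm, CapEff, CapBnd or CapAmb of the calling process.
 * Returns 0 on success, -errno on failure. */
int read_cap_set(const char *key, uint64_t *out) {
    FILE *f = fopen("/proc/self/status", "r");
    if (!f) return -errno;
    char line[256];
    int found = 0;
    while (!found && fgets(line, sizeof line, f))
        found = parse_cap_line(line, key, out);
    fclose(f);
    return found ? 0 : -ENOENT;
}

/* Drop every capability not in `allowed` from the bounding set. This only
 * limits what a later execve() can hand out; it adds nothing to the permitted,
 * effective or inheritable sets. *dropped receives the mask actually removed.
 * Returns 0 or -errno (EPERM without CAP_SETPCAP). */
int restrict_bounding_set(uint64_t allowed, uint64_t *dropped) {
    uint64_t done = 0;
    for (int cap = 0; cap <= CAP_LAST_CAP; cap++) {
        int in_bset = prctl(PR_CAPBSET_READ, cap, 0, 0, 0);
        if (in_bset < 0) {
            if (errno == EINVAL) continue;     /* cap unknown to this kernel */
            return -errno;
        }
        if (in_bset == 0 || (allowed & CAP_BIT(cap))) continue;
        if (prctl(PR_CAPBSET_DROP, cap, 0, 0, 0) != 0) return -errno;
        done |= CAP_BIT(cap);
    }
    if (dropped) *dropped = done;
    return 0;
}

/* Grant `caps` to whatever is exec'd next: add them to the inheritable set via
 * capset(2), then raise them into the ambient set. The kernel rejects a cap
 * missing from the permitted set, and the bounding set limits what may enter
 * the inheritable set, so a cap removed by restrict_bounding_set() can never
 * be granted here. Returns 0 or -errno. */
int raise_task_caps(uint64_t caps) {
    if (caps == 0) return 0;
    struct __user_cap_header_struct hdr = { _LINUX_CAPABILITY_VERSION_3, 0 };
    struct __user_cap_data_struct data[2];
    if (syscall(SYS_capget, &hdr, data) != 0) return -errno;
    data[0].inheritable |= (uint32_t)caps;
    data[1].inheritable |= (uint32_t)(caps >> 32);
    if (syscall(SYS_capset, &hdr, data) != 0) return -errno;
    for (int cap = 0; cap <= CAP_LAST_CAP; cap++)
        if ((caps & CAP_BIT(cap)) &&
            prctl(PR_CAP_AMBIENT, PR_CAP_AMBIENT_RAISE, cap, 0, 0) != 0)
            return -errno;
    return 0;
}

static void show(const char *when) {
    uint64_t bnd = 0, prm = 0, eff = 0, amb = 0;
    read_cap_set("CapBnd", &bnd); read_cap_set("CapPrm", &prm);
    read_cap_set("CapEff", &eff); read_cap_set("CapAmb", &amb);
    printf("%-20s Bnd=%016llx Prm=%016llx Eff=%016llx Amb=%016llx\n", when,
           (unsigned long long)bnd, (unsigned long long)prm,
           (unsigned long long)eff, (unsigned long long)amb);
}

int main(void) {
    /* Illustrative values chosen for this example: two allowed caps, one requested. */
    uint64_t allowed = CAP_BIT(CAP_NET_BIND_SERVICE) | CAP_BIT(CAP_NET_RAW);
    uint64_t task = CAP_BIT(CAP_NET_BIND_SERVICE), dropped = 0;
    show("start");
    int rc = restrict_bounding_set(allowed, &dropped);
    if (rc) { fprintf(stderr, "bounding set: %s\n", strerror(-rc)); return 1; }
    show("after bounding drop");    /* Bnd shrinks; Prm and Eff are unchanged */
    rc = raise_task_caps(task);
    if (rc) { fprintf(stderr, "ambient raise: %s\n", strerror(-rc)); return 1; }
    show("after ambient raise");
    /* What the exec'd task sees: bounded by Bnd, with `task` carried over by Amb. */
    execlp("grep", "grep", "^Cap", "/proc/self/status", (char *)NULL);
    perror("execlp");
    return 1;
}
```

The first `show` line after the bounding drop is the point of the comment: CapBnd has shrunk to the allowed mask while CapPrm and CapEff are exactly what they were, so nothing has been granted. Only `raise_task_caps` changes what the exec'd child ends up holding, and it can only ever raise capabilities that survived the bounding drop. Note that when the task itself runs as uid 0, the exec'd child already receives the whole bounding set, so the ambient raise visibly matters for a task that switches to a non-root user before exec.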
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)