[
https://issues.apache.org/jira/browse/MESOS-8332?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16290181#comment-16290181
]
James Peach commented on MESOS-8332:
------------------------------------
In tests, I notice that {{chown}} on the executor sandbox path logs a warning
but doesn't cause a failure, but {{chown}} on nested and standalone container
paths fails the container. There might be some compatibility concern around
making this behavior consistent since frameworks can currently be sloppy with
their user names without failing.
> Narrow the container sandbox permissions.
> -----------------------------------------
>
> Key: MESOS-8332
> URL: https://issues.apache.org/jira/browse/MESOS-8332
> Project: Mesos
> Issue Type: Improvement
> Components: containerization
> Reporter: James Peach
> Assignee: James Peach
> Priority: Minor
>
> Sandboxes are currently created with 0755 permissions, which allows anyone
> with local machine access to inspect their contents. We should make them 0750
> to limit access to the owning user and group.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
