[ https://issues.apache.org/jira/browse/MESOS-8654?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16392339#comment-16392339 ]
Jason Lai commented on MESOS-8654:
----------------------------------

Oh, I forgot to mention: it is also absolutely necessary to remount {{/proc/sysrq-trigger}} as read-only. Otherwise users can [perform malicious operations|https://en.wikipedia.org/wiki/Magic_SysRq_key] like rebooting the host.

> The `/proc/sys` mount point in Mesos containers should also include
> `nosuid,noexec,nodev` mount options.
> --------------------------------------------------------------------------------------------------------
>
>                 Key: MESOS-8654
>                 URL: https://issues.apache.org/jira/browse/MESOS-8654
>             Project: Mesos
>          Issue Type: Bug
>          Components: containerization, security
>            Reporter: Jason Lai
>            Assignee: Jason Lai
>            Priority: Minor
>              Labels: easyfix, patch, security
>
> After {{/proc/sys}} gets remounted as read-only in a Mesos container, its
> mount options become {{ro,relatime}} only. It needs to share the other mount
> options of {{/proc}}, including {{nosuid,noexec,nodev}}, for security reasons.
> Additional questions: shall we also sandbox other important system mount
> points, like Systemd does with
> [{{ProtectSystem=}}|https://www.freedesktop.org/software/systemd/man/systemd.exec.html#ProtectSystem=]
> (or at least
> [{{ProtectKernelTunables=}}|https://www.freedesktop.org/software/systemd/man/systemd.exec.html#ProtectKernelTunables=])
> and Docker does with {{docker run}} without {{--privileged}}?

--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
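The ticket and the comment together ask for two things a practitioner will want to verify from inside a container: that {{/proc/sys}} carries {{ro,nosuid,noexec,nodev}} rather than bare {{ro,relatime}}, and that {{/proc/sysrq-trigger}} is read-only. The script below is an added example written for this page; it is not Mesos code and not attached to the JIRA issue. It parses {{/proc/self/mountinfo}} text (the two sample inputs are constructed, not captured from a real agent) and reports which required options are missing. The {{harden_proc}} function is an assumed mount(8) equivalent of the remounts the ticket asks for, not the way the Mesos containerizer implements them.

```bash
#!/usr/bin/env bash
# Added example, not Mesos code: audit the /proc/sys and /proc/sysrq-trigger
# mounts a container sees, using the /proc/self/mountinfo format from proc(5):
#   23 22 0:21 /sys /proc/sys ro,relatime - proc proc rw
#   $1 $2  $3  $4    $5       $6          $7  $8  $9  $10
# $5 is the mount point and $6 the per-mount options we care about.

# Constructed samples (not captured from a real Mesos agent): the state the
# ticket describes, and the state it asks for.
SAMPLE_BEFORE='22 1 0:21 / /proc rw,nosuid,nodev,noexec,relatime - proc proc rw
23 22 0:21 /sys /proc/sys ro,relatime - proc proc rw
24 22 0:21 /sysrq-trigger /proc/sysrq-trigger rw,nosuid,nodev,noexec,relatime - proc proc rw'

SAMPLE_AFTER='22 1 0:21 / /proc rw,nosuid,nodev,noexec,relatime - proc proc rw
23 22 0:21 /sys /proc/sys ro,nosuid,nodev,noexec,relatime - proc proc rw
24 22 0:21 /sysrq-trigger /proc/sysrq-trigger ro,nosuid,nodev,noexec,relatime - proc proc rw'

# check_mount MOUNTINFO MOUNTPOINT OPTION...
# Prints "ok", "unmounted", or the space-separated list of OPTIONs that are
# missing from MOUNTPOINT's per-mount options; exit status 0 only for "ok".
check_mount() {
  local info=$1 target=$2 opts want missing=""
  shift 2
  # The last line for a path wins: a mount stacked later on the same
  # mountpoint shadows the earlier ones. Paths with spaces are \040-escaped
  # in mountinfo, so whitespace splitting is safe.
  opts=$(printf '%s\n' "$info" | awk -v t="$target" '$5 == t { o = $6 } END { print o }')
  if [ -z "$opts" ]; then
    echo unmounted
    return 1
  fi
  for want in "$@"; do
    case ",$opts," in
      *",$want,"*) ;;
      *) missing="$missing $want" ;;
    esac
  done
  if [ -n "$missing" ]; then
    echo "${missing# }"
    return 1
  fi
  echo ok
}

# audit_proc MOUNTINFO: the two requirements from the ticket and the comment.
# Prints one line per mount; exit status 0 only if both are satisfied.
audit_proc() {
  local info=$1 rc=0 r
  r=$(check_mount "$info" /proc/sys ro nosuid noexec nodev) || rc=1
  echo "/proc/sys: $r"
  r=$(check_mount "$info" /proc/sysrq-trigger ro) || rc=1
  echo "/proc/sysrq-trigger: $r"
  return $rc
}

# harden_proc: the remounts the ticket asks for, written as mount(8) calls.
# This is an assumed shell equivalent, not how Mesos's containerizer does it.
# Needs CAP_SYS_ADMIN; try it in a throwaway mount namespace so the host's
# /proc is untouched, e.g.
#   unshare -m --propagation private bash -c '. ./proc_audit.sh; harden_proc; audit_proc "$(cat /proc/self/mountinfo)"'
harden_proc() {
  # A remount,bind sets the per-mount flags to exactly what you pass, which
  # is how /proc/sys ended up as bare ro,relatime: repeat them all.
  mount --bind /proc/sys /proc/sys &&
  mount -o remount,bind,ro,nosuid,nodev,noexec /proc/sys &&
  # Single files can be bind-mounted too, so sysrq-trigger gets the same
  # two-step treatment.
  mount --bind /proc/sysrq-trigger /proc/sysrq-trigger &&
  mount -o remount,bind,ro,nosuid,nodev,noexec /proc/sysrq-trigger
}

# Demo over the constructed samples; on a live system run
#   audit_proc "$(cat /proc/self/mountinfo)"
# from inside the container.
echo "before fix:"; audit_proc "$SAMPLE_BEFORE" || true
echo "after fix:";  audit_proc "$SAMPLE_AFTER"
```

Run {{audit_proc "$(cat /proc/self/mountinfo)"}} from a task's shell to see what the container actually got; on the "before" sample it reports {{/proc/sys: nosuid noexec nodev}} and {{/proc/sysrq-trigger: ro}}, which is exactly the gap the ticket and the follow-up comment describe.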