allow toggling switch_user on a per-framework basis
---------------------------------------------------
Key: MESOS-52
URL: https://issues.apache.org/jira/browse/MESOS-52
Project: Mesos
Issue Type: Improvement
Reporter: brian wickman
Priority: Minor
It would be handy if you could effectively enforce switch_user on a
per-framework basis rather on a per-slave basis.
For example, I can imagine running an entire cluster of slaves as root, which
by default runs executors as the users via switch_user, but then a class of
trusted frameworks privileged to run as root (e.g. operations frameworks, or
ones that require LVM mounts and such, and to whom we'd delegate the
responsibility of setuiding.)
You could have the master manage a set of secrets, and the frameworks would
connect to the master using a PKI protocol. You could even go a step further
and encrypt framework messages for those privileged frameworks.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
