[
https://issues.apache.org/jira/browse/MESOS-9908?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Gilbert Song reassigned MESOS-9908:
-----------------------------------
Assignee: Gilbert Song
> Introduce a new agent flag and support docker volume chown to task user.
> ------------------------------------------------------------------------
>
> Key: MESOS-9908
> URL: https://issues.apache.org/jira/browse/MESOS-9908
> Project: Mesos
> Issue Type: Improvement
> Components: containerization
> Reporter: Gilbert Song
> Assignee: Gilbert Song
> Priority: Major
> Labels: containerization
>
> Currently, docker volume is always mounted as root, which is not accessible
> by non-root task users. For security concerns, there are use cases that
> operator may only allow non-root users to run as container user and docker
> volume needs to be supported for those non-root users.
> A new agent flag is needed to make this support configurable, because
> chown-ing a docker volume may be limited to some use case - e.g., multiple
> non-root users on different hosts sharing the same docker volume
> simultaneously. Operators are expected to turn on this flag if their
> cluster's docker volume is not shared by multiple non-root users.
--
This message was sent by Atlassian JIRA
(v7.6.14#76016)
