[ https://issues.apache.org/jira/browse/MESOS-9771?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
James Peach reassigned MESOS-9771: ---------------------------------- Assignee: James Peach | [r/70678|https://reviews.apache.org/r/70678] | Add containerizer support for masking paths. | > Mask sensitive procfs paths. > ---------------------------- > > Key: MESOS-9771 > URL: https://issues.apache.org/jira/browse/MESOS-9771 > Project: Mesos > Issue Type: Improvement > Components: containerization > Reporter: James Peach > Assignee: James Peach > Priority: Major > > We already have a set of procfs paths that we mark read-only in the > containerizer, but there are additional paths that are considered sensitive > by other containerizers and are masked altogether: > {noformat} > "/proc/asound" > "/proc/acpi" > "/proc/kcore" > "/proc/keys" > "/proc/latency_stats" > "/proc/timer_list" > "/proc/timer_stats" > "/proc/sched_debug" > "/sys/firmware" > "/proc/scsi" > {noformat} > Masking is done by mounting {{/dev/null}} on files, and an empty, readonly > {{tmpfs}} on directories. -- This message was sent by Atlassian JIRA (v7.6.3#76005)