[ https://issues.apache.org/jira/browse/MESOS-9771?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
James Peach reassigned MESOS-9771:
----------------------------------
Assignee: James Peach
| [r/70678|https://reviews.apache.org/r/70678] | Add containerizer support for masking paths. |
> Mask sensitive procfs paths.
> ----------------------------
>
> Key: MESOS-9771
> URL: https://issues.apache.org/jira/browse/MESOS-9771
> Project: Mesos
> Issue Type: Improvement
> Components: containerization
> Reporter: James Peach
> Assignee: James Peach
> Priority: Major
>
> We already have a set of procfs paths that we mark read-only in the
> containerizer, but there are additional paths that are considered sensitive
> by other containerizers and are masked altogether:
> {noformat}
> "/proc/asound"
> "/proc/acpi"
> "/proc/kcore"
> "/proc/keys"
> "/proc/latency_stats"
> "/proc/timer_list"
> "/proc/timer_stats"
> "/proc/sched_debug"
> "/sys/firmware"
> "/proc/scsi"
> {noformat}
> Masking is done by mounting {{/dev/null}} on files, and an empty, read-only
> {{tmpfs}} on directories.
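The masking rule described in the issue, as an added sketch in C; it is not part of the issue or of the Mesos patch under review. The function names are hypothetical, and the code assumes it runs with CAP_SYS_ADMIN before the task is started.

```c
#define _GNU_SOURCE
#include <sched.h>
#include <stdio.h>
#include <sys/mount.h>
#include <sys/stat.h>

enum mask_kind { MASK_SKIP, MASK_FILE, MASK_DIR };
/* Hypothetical helper names; the paths are the ones listed in the issue. */
static const char *const MASKED[] = {
    "/proc/asound", "/proc/acpi", "/proc/kcore", "/proc/keys",
    "/proc/latency_stats", "/proc/timer_list", "/proc/timer_stats",
    "/proc/sched_debug", "/sys/firmware", "/proc/scsi",
};

/* Directories get an empty read-only tmpfs; anything else gets /dev/null. */
enum mask_kind kind_for_mode(mode_t mode) {
    return S_ISDIR(mode) ? MASK_DIR : MASK_FILE;
}

/* A path that does not exist on this kernel needs no mask. */
enum mask_kind classify(const char *path) {
    struct stat st;
    return stat(path, &st) != 0 ? MASK_SKIP : kind_for_mode(st.st_mode);
}

/* Returns 0 on success or skip, -1 with errno set if mount(2) fails. */
int mask_path(const char *path) {
    switch (classify(path)) {
    case MASK_FILE: return mount("/dev/null", path, NULL, MS_BIND, NULL);
    case MASK_DIR:  return mount("tmpfs", path, "tmpfs", MS_RDONLY, NULL);
    default:        return 0;
    }
}

int main(void) {
    /* Private mount namespace so the masks never propagate to the host. */
    if (unshare(CLONE_NEWNS) != 0 ||
        mount(NULL, "/", NULL, MS_REC | MS_PRIVATE, NULL) != 0) {
        perror("unshare/private");
        return 1;
    }
    for (size_t i = 0; i < sizeof MASKED / sizeof MASKED[0]; i++) {
        if (mask_path(MASKED[i]) != 0) {
            perror(MASKED[i]);
            return 1;  /* fail closed: never start a task half-masked */
        }
    }
    return 0;  /* a real launcher would exec the task here */
}
```

A mask only holds while the task cannot unmount it, so it belongs alongside dropping CAP_SYS_ADMIN for the task.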