[ https://issues.apache.org/jira/browse/MESOS-9898?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16888461#comment-16888461 ]
James Peach commented on MESOS-9898:
------------------------------------

/cc [~jjanco]

> Add framework control over the no-new-privileges flag.
> ------------------------------------------------------
>
>                 Key: MESOS-9898
>                 URL: https://issues.apache.org/jira/browse/MESOS-9898
>             Project: Mesos
>          Issue Type: Improvement
>          Components: containerization, HTTP API
>            Reporter: James Peach
>            Priority: Major
>
> Following on from MESOS-9770, we can add framework control over the
> no-new-privileges flag.
> The implementation is to add a `no_new_privileges` boolean to the
> {{SeccompInfo}} message that will allow a framework to toggle it on and off.
> This means that the seccomp isolator must be ordered after the nnp isolator
> so that it has priority (last writer wins in a protobuf merge). The nnp
> isolator will still unconditionally set the flag.
> Design doc:
> https://docs.google.com/document/d/1x9S94-P0-nsXHGrwY4BHZ_NEC_bTFMIsDkxxaTd5Vok/edit?usp=sharing