James Peach created MESOS-9349:
----------------------------------

             Summary: Prevent ptracing of container management processes.
                 Key: MESOS-9349
                 URL: https://issues.apache.org/jira/browse/MESOS-9349
             Project: Mesos
          Issue Type: Bug
          Components: containerization, security
            Reporter: James Peach


The container launcher and the built-in executors are (at least partially) 
accessible to containerized user tasks. Since these processes may contain 
secrets or hold privileged resources, we can increase the difficulty of 
attacking them by preventing user tasks attaching to them with ptrace(2). This 
amounts to calling `prctl(PR_SET_DUMPABLE, 0)`.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

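An added example, not code from the ticket or from Mesos, showing the `prctl(PR_SET_DUMPABLE, 0)` call the issue proposes and its effect on a `PTRACE_ATTACH` attempted by an unprivileged process running as the same UID (the function names and the fork-based probe are mine; the kernel behaviour described in the comments is from prctl(2) and ptrace(2)):

```c
/* Added example (not Mesos code): make the calling process non-dumpable so a
 * same-UID unprivileged peer can no longer PTRACE_ATTACH to it, then probe
 * the effect with a forked child that attempts the attach. Linux only. */
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/prctl.h>
#include <sys/ptrace.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Clear the dumpable flag. Effects: unprivileged same-UID processes get EPERM
 * from PTRACE_ATTACH, /proc/<pid>/{mem,maps,environ,...} become root-owned and
 * unreadable to the task's user, and no core file is written on a crash.
 * The flag is inherited across fork() but reset to 1 by a plain execve(), so
 * a launcher or executor must make this call in its own post-exec code.
 * Returns 0 on success, -1 with errno set on failure. */
int harden_against_ptrace(void)
{
    return prctl(PR_SET_DUMPABLE, 0, 0, 0, 0);
}

/* Read the flag back: 0 = non-dumpable, 1 = dumpable, 2 = root-only dumps. */
int dumpable_state(void)
{
    return prctl(PR_GET_DUMPABLE, 0, 0, 0, 0);
}

/* Fork a same-UID child that tries to PTRACE_ATTACH to the caller.
 * Returns 1 if the attach succeeded (the child then detaches again),
 * 0 if it was refused with EPERM, 2 if ptrace failed with another errno,
 * -1 if fork() or waitpid() failed. */
int attach_attempt_by_same_uid_child(void)
{
    pid_t target = getpid();
    pid_t child = fork();
    if (child == -1)
        return -1;
    if (child == 0) {
        if (ptrace(PTRACE_ATTACH, target, NULL, NULL) == -1)
            _exit(errno == EPERM ? 0 : 2);
        /* Attached: a tracer may wait for its tracee to stop, then release it
         * so the parent continues. */
        int tstatus;
        waitpid(target, &tstatus, 0);
        ptrace(PTRACE_DETACH, target, NULL, NULL);
        _exit(1);
    }
    int status;
    if (waitpid(child, &status, 0) == -1 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

int main(void)
{
    printf("dumpable before hardening: %d\n", dumpable_state());
    printf("same-UID attach before:    %d\n", attach_attempt_by_same_uid_child());
    if (harden_against_ptrace() == -1) {
        perror("prctl(PR_SET_DUMPABLE)");
        return 1;
    }
    printf("dumpable after hardening:  %d\n", dumpable_state());
    printf("same-UID attach after:     %d\n", attach_attempt_by_same_uid_child());
    return 0;
}
```

Two caveats the probe makes visible: the "before" attach only succeeds when the Yama `kernel.yama.ptrace_scope` sysctl is 0 (with scope 1 a non-ancestor attach is already refused), and a process holding `CAP_SYS_PTRACE` in the target's user namespace attaches regardless of the dumpable flag, which is why the ticket speaks of increasing the difficulty of an attack rather than preventing it outright.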