James Peach created MESOS-9768:
----------------------------------
Summary: Allow operators to mount the container rootfs with the
`nosuid` flag
Key: MESOS-9768
URL: https://issues.apache.org/jira/browse/MESOS-9768
Project: Mesos
Issue Type: Improvement
Components: containerization
Reporter: James Peach

If cluster users are allowed to launch containers with arbitrary images, those
images may contain setuid programs. For security reasons (auditing, privilege
escalation), operators may wish to ensure that setuid programs cannot be used
within a container.

We should provide a way for operators to be able to specify that container
volumes (including `/`) should be mounted with the `nosuid` flag.
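
An operator can check whether a container's mounts carry the flag this issue asks for by reading the per-mount options in `/proc/<pid>/mountinfo`. The following is an added example, not part of the original report or of Mesos itself; the sample mount table, its paths and the function names are constructed for illustration.

```python
import re

# Constructed sample of /proc/<pid>/mountinfo for a containerized task
# (IDs, device numbers and paths are made up for illustration).
SAMPLE_MOUNTINFO = """\
451 320 8:1 /var/lib/mesos/provisioner/rootfs / rw,relatime master:1 - ext4 /dev/sda1 rw
452 451 0:45 / /proc rw,nosuid,nodev,noexec,relatime - proc proc rw
453 451 8:1 /var/lib/mesos/volumes/data /mnt/data rw,nosuid,relatime - ext4 /dev/sda1 rw
454 451 8:17 / /mnt/my\\040vol rw,relatime shared:7 - xfs /dev/sdb1 rw
"""


def _unescape(field):
    # The kernel writes space, tab, newline and backslash as \ooo octal escapes.
    return re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), field)


def parse_mountinfo(text):
    """Return one dict per mount with its mount point and per-mount options."""
    mounts = []
    for line in text.splitlines():
        if not line.strip():
            continue
        # Optional fields vary in number; a lone "-" ends them.
        left, sep, _ = line.partition(" - ")
        fields = left.split()
        if not sep or len(fields) < 6:
            raise ValueError(f"malformed mountinfo line: {line!r}")
        mounts.append({
            "mount_point": _unescape(fields[4]),
            # Field 6 holds per-mount options, which is where nosuid appears.
            "options": set(fields[5].split(",")),
        })
    return mounts


def mounts_missing_nosuid(text, under="/"):
    """List mount points at or below `under` that are mounted without nosuid."""
    prefix = under.rstrip("/") + "/"
    return [m["mount_point"] for m in parse_mountinfo(text)
            if "nosuid" not in m["options"]
            and (m["mount_point"] == under or m["mount_point"].startswith(prefix))]


if __name__ == "__main__":
    # Audit the mount namespace of the process running this script.
    with open("/proc/self/mountinfo") as f:
        for mount_point in mounts_missing_nosuid(f.read()):
            print("mounted without nosuid:", mount_point)
```

Run inside the container's mount namespace, any path it prints is a mount where setuid bits in the image or volume would still take effect.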