I set up a vanilla basic cluster - but also put Docker on the Mesos slaves - and ran Marathon (I used the Mesosphere packages for Ubuntu).
I noted that, using the default settings of the "mesos" containerizer, I could access the Docker daemon, run containers, etc. - which surprised me - is this expected? I (and others) assumed that it would not have such access. What can I expect to get access to typically? Does it depend on ACL/other configurations?

