What does you app definition look like? Do you just call docker run from the cmd? That wouldn't be a surprise then, because the CommandExecutor can execute any command the user could. The Docker containerizer takes a ContainerInfo instead and calls docker for you.
Cheers, Dario > On 25.02.2015, at 00:27, Michael Neale <[email protected]> wrote: > > I setup a vanilla basic cluster - but also put docker on the mesos slaves - > and ran marathon (I used the mesophere packages for ubuntu). > > I noted using the default settings of the "mesos" containerizer I could > access the docker daemon, run containers etc - which surprised me - is this > expected? I (and others) assumed that it would not have such access. What can > I expect to get access to typically? does it depend on ACL/other > configurations? > >
