I saw that CoreOS has integrated with SELinux to enforce fine-grained permissions for Docker since the 808.0.0 release: https://coreos.com/blog/container-security-selinux-coreos/

Hope this is helpful for your security concern.

On Wed, Sep 30, 2015 at 10:04 PM, Aaron Carey <[email protected]> wrote:

> We run both our Master and Agent processes as docker containers.. it works
> well although we don't have strict security requirements..
>
> ------------------------------
> *From:* Krish [[email protected]]
> *Sent:* 30 September 2015 13:58
> *To:* [email protected]
> *Subject:* Mesos slave in docker container
>
>
> I see that we can run mesos-slave in a privileged docker container. I also
> see tutorials online for guidance.
> However, I am curious to know the pros & cons of such an approach.
>
> Pros: Containerization helps, & can help in running on various server
> distros.
> Cons: Security is one. Any way to solve it?
>
> Are there any others that I am unaware of?
>
> Thanks.
>
> --
> κρισhναν
> n00b on mesos
>
>

--
Best Regards,
Haosdent Huang

