Hi,

We've been contemplating using Mesos at the company I work for. Basically we would be writing our own framework, and various users would submit jobs to it.

However, a remaining problem for us is the security model: anyone who is allowed to connect to the Mesos cluster can start tasks as any user by setting the "user" in the CommandInfo. This means that the whole framework code would basically have to be trusted, which would be problematic for various reasons.

Is there no better way to ensure that a task is actually executed by the submitting user?

1. A potential solution would be to write a standalone audited proxy process which would validate the submitted TaskInfo and forward it to the Mesos cluster, but it's a bit awkward.

2. Another potential solution involves a custom executor: for example, we want to write our own executor anyway to have end-to-end validation of user commands, i.e. have each user sign their job before submitting it, and have the executor validate the signature and check it's running as the correct user before executing the task. The above problem would be solved if there was a way to restrict the agents to only execute this trusted executor - is that possible short of hacking the source code?

Any suggestion is welcome!

Cheers,
Charles
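
The check described in option 2, which is also the comparison a proxy in option 1 would make on the task's "user" field, as an added example that is not part of the original post and is not Mesos code. The envelope layout, `USER_KEYS` and all function names are hypothetical, and HMAC-SHA256 with constructed per-user keys stands in for a real public-key signature so the block runs with the standard library only.

```python
import hashlib
import hmac
import json
import os
import pwd

# Constructed per-user keys (assumption). A real deployment would hold each
# user's public key here and verify an asymmetric signature instead.
USER_KEYS = {"alice": b"constructed-key-alice", "bob": b"constructed-key-bob"}

def canonical(job):
    """Deterministic byte encoding of the job, so signer and verifier agree."""
    return json.dumps(job, sort_keys=True, separators=(",", ":")).encode()

def sign_job(user, command, key):
    """Submitter side: bind the user name and the command under one tag."""
    job = {"user": user, "command": command}
    tag = hmac.new(key, canonical(job), hashlib.sha256).hexdigest()
    return {"job": job, "sig": tag}

def validate(envelope, task_user, running_user, keys=USER_KEYS):
    """Executor (or proxy) side. task_user is the "user" the framework set on
    the task; running_user is the account the process actually runs as."""
    job = envelope.get("job")
    if not isinstance(job, dict) or not isinstance(job.get("user"), str):
        return False, "malformed envelope"
    claimed = job["user"]
    key = keys.get(claimed)
    if key is None:
        return False, "unknown submitter"
    expected = hmac.new(key, canonical(job), hashlib.sha256).hexdigest()
    supplied = str(envelope.get("sig", ""))
    if not hmac.compare_digest(expected.encode(), supplied.encode()):
        return False, "bad signature"
    if task_user != claimed:
        return False, "task user differs from signer"
    if running_user != claimed:
        return False, "process not running as signer"
    return True, "ok"

def current_user():
    """Account name for the effective UID of this process (Unix only)."""
    return pwd.getpwuid(os.geteuid()).pw_name

if __name__ == "__main__":
    env = sign_job("alice", "make test", USER_KEYS["alice"])
    print(validate(env, task_user="alice", running_user="alice"))
    print(validate(env, task_user="root", running_user="root"))
```

Because the user name is inside the signed bytes, a framework that rewrites the task's "user" cannot make the signed job validate under a different account.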