Uploaded image for project: 'Mesos'
  1. Mesos
  2. MESOS-5615

When using command executor, the ExecutorInfo is useless for sandbox authorization

    XMLWordPrintableJSON

Details

    Description

      The design for sandbox access authorization uses the ExecutorInfo associated with the task as the main authorization space and the FrameworkInfo as a secondary one. This allows module writes to use fields such a labels for authorization.

      When a task uses the command executor it doesn't provide an ExecutorInfo, but the info object is generated automatically inside the agent. As such, information which could be used for authorization (e.g. labels) is not available for authorization.

      Attachments

        Issue Links

          relates to

          Bug - A problem which impairs or prevents the functions of the product. MESOS-5153 Sandboxes contents should be protected from unauthorized users

          • Major - Major loss of function.
          • Resolved

          Activity

            People

              js84 Jörg Schad
              arojas Alexander Rojas
              Till Toenshoff Till Toenshoff
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: