Details
-
Task
-
Status: Resolved
-
Major
-
Resolution: Duplicate
-
None
-
None
-
None
-
None
-
Linux Only
Description
Operator of Mesos cluster should be able to enforce a set of Seccomp rules on an Mesos Agent to defend against potential exploit attack through syscalls. When enabled, every container launched on the Agent would comply with the Seccomp filter otherwise being killed.
Attachments
Issue Links
- duplicates
-
MESOS-9029 Seccomp syscall filtering in Mesos containerizer
- Resolved
- relates to
-
MESOS-3277 Implement basic security isolators such as linux/apparmor or linux/seccomp
- Accepted