Uploaded image for project: 'Mesos'
  1. Mesos
  2. MESOS-8332

Narrow the container sandbox permissions.

Attach filesAttach ScreenshotVotersWatch issueWatchersLinkCloneUpdate Comment AuthorReplace String in CommentUpdate Comment VisibilityDelete Comments
    XMLWordPrintableJSON

Details

    • Improvement
    • Status: Resolved
    • Minor
    • Resolution: Fixed
    • None
    • 1.6.0
    • containerization
    • None

    Description

      Sandboxes are currently created with 0755 permissions, which allows anyone with local machine access to inspect their contents. We should make them 0750 to limit access to the owning user and group.

      Attachments

        Issue Links

        causes

        Bug - A problem which impairs or prevents the functions of the product. MESOS-8585 Agent crashes when starting a task with an unknown user.

        • Blocker - Blocks development and/or testing work, production could not run
        • Resolved

        Bug - A problem which impairs or prevents the functions of the product. MESOS-9531 chown error handling is incorrect in createSandboxDirectory.

        • Major - Major loss of function.
        • Resolved

        Activity
          This comment will be Viewable by All Users Viewable by All Users
          Cancel

          People

            jamespeach James Peach
            jamespeach James Peach
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Slack

                Issue deployment