Uploaded image for project: 'Mesos'
  1. Mesos
  2. MESOS-9770

Add no-new-privileges isolator.

    XMLWordPrintableJSON

Details

    • Improvement
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • None
    • 1.9.0
    • containerization
    • None

    Description

      To give security-minded operators more defense in depth, add a linux/nnp isolator that sets the no-new-privileges bit before starting the executor.

      Attachments

        Issue Links

          is required by

          Improvement - An improvement or enhancement to an existing feature or task. MESOS-9898 Add framework control over the no-new-privileges flag.

          • Major - Major loss of function.
          • Open

          Activity

            People

              jjanco Jacob Janco
              jamespeach James Peach
              James Peach James Peach
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: