Hi, In https://issues.apache.org/jira/browse/MESOS-8306 I am proposing that we use an ACL to restrict the roles that agents can statically reserve resources for to address a security concern in which a process on a compromised host can impersonate an agent and then then reservation resources for arbitrary roles.
Resuing `reserve_resources` ACL for this purpose feels intuitive to me and I don't think it interferes with its use for authorizing dynamic reservations by the frameworks and operators. Are there any concerns about it? Also as part of this change I am revising the doc to change the wording on static reservations so its use is not discouraged: https://reviews.apache.org/r/64516/diff Thanks, Yan
