Stephan Erb created MESOS-2999:
----------------------------------

             Summary: Implement a linux/iptables isolator
                 Key: MESOS-2999
                 URL: https://issues.apache.org/jira/browse/MESOS-2999
             Project: Mesos
          Issue Type: Story
          Components: containerization, isolation
            Reporter: Stephan Erb
As a user of Mesos, I would like to have control over inbound and outbound network communication of a launched Mesos container. The intention is to gain improved security and isolation of user processes on the network level.

*Example Use Cases*:

* Preventing outgoing connections to external endpoints which have not been whitelisted (e.g., deny internet connections, only allow connections to this one production database but not the others, ...)
* Preventing incoming connections from external systems or containers which have not been whitelisted (e.g., don't allow rogue or even hijacked services to interfere with another service)

The last use case is somewhat tricky due to the dynamic nature of a Mesos cluster but might be achieved using the available [DiscoveryInfo|https://github.com/apache/mesos/blob/master/docs/app-framework-development-guide.md#service-discovery] (e.g., block all connections from foreign environments).

--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
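The two use cases above amount to a default-deny filter table per container with an explicit whitelist. The script below is an added example of what such an isolator would have to render and apply; it is not Mesos project code and the proposed isolator does not exist yet. It assumes the container already runs in its own network namespace (hypothetical name passed as the first argument), that egress whitelist entries are IPv4 "CIDR:PORT" TCP destinations and ingress entries are IPv4 source CIDRs, and that the `ip` and `iptables-restore` binaries are available to a root caller. Everything reaching the DROP policy is rate-limited into the kernel log so blocked connections are visible to operators rather than silently lost.

```shell
#!/usr/bin/env bash
# Added example, not part of Mesos: render an iptables-restore ruleset that
# whitelists a container's egress destinations and ingress sources and drops
# everything else. Names and argument formats are assumptions for illustration.
set -eu

# render_container_rules "<cidr:port cidr:port ...>" "<cidr cidr ...>"
# Prints an iptables-restore ruleset (IPv4 only) to stdout.
render_container_rules() {
  allow_out="$1"   # space-separated "cidr:port" TCP destinations allowed out
  allow_in="$2"    # space-separated source CIDRs allowed to open TCP connections in

  # Default-deny on every chain; loopback and already-established flows are
  # always permitted so replies to whitelisted connections get through.
  cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
EOF

  # Egress whitelist: one ACCEPT per destination/port (e.g. the one production DB).
  for entry in $allow_out; do
    cidr="${entry%:*}"
    port="${entry##*:}"
    printf -- '-A OUTPUT -p tcp -d %s --dport %s -m conntrack --ctstate NEW -j ACCEPT\n' "$cidr" "$port"
  done

  # Ingress whitelist: only these sources may open new connections to the container.
  for cidr in $allow_in; do
    printf -- '-A INPUT -p tcp -s %s -m conntrack --ctstate NEW -j ACCEPT\n' "$cidr"
  done

  # Log (rate-limited) what falls through to the DROP policy for detection/debugging.
  printf -- '-A INPUT -m limit --limit 5/min -j LOG --log-prefix "mesos-iso-in-drop: "\n'
  printf -- '-A OUTPUT -m limit --limit 5/min -j LOG --log-prefix "mesos-iso-out-drop: "\n'
  echo COMMIT
}

# apply_container_rules <netns> "<egress whitelist>" "<ingress whitelist>"
# Loads the rendered ruleset inside the container's namespace (requires root;
# the namespace name is an assumption about how the isolator would look it up).
apply_container_rules() {
  netns="$1"
  shift
  render_container_rules "$@" | ip netns exec "$netns" iptables-restore
}

# Example invocation (constructed values): allow the task to reach only the
# 10.0.0.5 database on 5432 and accept connections only from the 10.0.1.0/24 tier.
# apply_container_rules mesos-task-ns "10.0.0.5/32:5432" "10.0.1.0/24"
```

Because the policy is expressed per namespace, a rule set like this can be regenerated and reloaded whenever the set of whitelisted peers changes, which is what the DiscoveryInfo-driven variant of the inbound use case would need; iptables-restore replaces the whole table atomically, so there is no window where the container runs without a DROP policy.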