Alexander Rojas created MESOS-5615:
--------------------------------------
Summary: When using command executor, the ExecutorInfo is useless
for sandbox authorization
Key: MESOS-5615
URL: https://issues.apache.org/jira/browse/MESOS-5615
Project: Mesos
Issue Type: Bug
Components: modules, security, slave
Reporter: Alexander Rojas
The design for sandbox access authorization uses the {{ExecutorInfo}}
associated with the task as the main authorization space and the
{{FrameworkInfo}} as a secondary one. This allows module writes to use fields
such a labels for authorization.
When a task uses the _command executor_ it doesn't provide an {{ExecutorInfo}},
but the info object is generated automatically inside the agent. As such,
information which could be used for authorization (e.g. labels) is not
available for authorization.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
