Alexander Rojas created MESOS-5615: -------------------------------------- Summary: When using command executor, the ExecutorInfo is useless for sandbox authorization Key: MESOS-5615 URL: https://issues.apache.org/jira/browse/MESOS-5615 Project: Mesos Issue Type: Bug Components: modules, security, slave Reporter: Alexander Rojas
The design for sandbox access authorization uses the {{ExecutorInfo}} associated with the task as the main authorization space and the {{FrameworkInfo}} as a secondary one. This allows module writes to use fields such a labels for authorization. When a task uses the _command executor_ it doesn't provide an {{ExecutorInfo}}, but the info object is generated automatically inside the agent. As such, information which could be used for authorization (e.g. labels) is not available for authorization. -- This message was sent by Atlassian JIRA (v6.3.4#6332)