[ https://issues.apache.org/jira/browse/MESOS-5615?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15332377#comment-15332377 ]
Till Toenshoff commented on MESOS-5615: --------------------------------------- After a quick discussion among [~vinodkone], [~js84] and [~jvanremoortere] we decided to go with: - copy all labels and similar metadata from {{TaskInfo}} into the derived {{ExecutorInfo}}. > When using command executor, the ExecutorInfo is useless for sandbox > authorization > ---------------------------------------------------------------------------------- > > Key: MESOS-5615 > URL: https://issues.apache.org/jira/browse/MESOS-5615 > Project: Mesos > Issue Type: Bug > Components: modules, security, slave > Affects Versions: 1.0.0 > Reporter: Alexander Rojas > Assignee: Alexander Rojas > Priority: Blocker > Labels: authorization, mesosphere, modularization, security > Fix For: 1.0.0 > > > The design for sandbox access authorization uses the {{ExecutorInfo}} > associated with the task as the main authorization space and the > {{FrameworkInfo}} as a secondary one. This allows module writes to use fields > such a labels for authorization. > When a task uses the _command executor_ it doesn't provide an > {{ExecutorInfo}}, but the info object is generated automatically inside the > agent. As such, information which could be used for authorization (e.g. > labels) is not available for authorization. -- This message was sent by Atlassian JIRA (v6.3.4#6332)