Jie Yu created MESOS-7653:
-----------------------------

             Summary: Support launching slave using unprivileged user.
                 Key: MESOS-7653
                 URL: https://issues.apache.org/jira/browse/MESOS-7653
             Project: Mesos
          Issue Type: Improvement
            Reporter: Jie Yu
            Priority: Minor


This ticket captures the work needed to support launching the agent as an 
unprivileged user.

1) The agent binary needs to have file capabilities set. Since the agent needs 
to manipulate cgroups (if using the Linux launcher or the cgroups isolator) and 
clone namespaces (if using the Linux launcher), the CAP_SYS_ADMIN capability 
must be in the agent process's effective set. Either the "Effective" bit should 
be set on the agent binary, so that the permitted capabilities gained on 
exec'ing the binary are put into the effective set of the agent process 
automatically, or the agent must raise the capability itself, which it can do 
as long as the capability is in its permitted set.

2) Since the launch of the user task is done by the `mesos-containerizer` 
binary, either the agent must raise ambient capabilities (using prctl 
PR_CAP_AMBIENT_RAISE), or we need to make sure the `mesos-containerizer` binary 
has file capabilities set so that it is able to do things like `setuid` after 
the agent exec's the helper. If the ambient capabilities route is chosen, the 
agent process must have the required capabilities in its inheritable set (at 
least) and in its permitted set.

3) If the Linux capabilities isolator is enabled, then in order for frameworks 
to gain any capabilities they like, the process launching the agent process 
should have all capabilities in its inheritable set and its bounding set, so 
that those capabilities can be regained later.

http://man7.org/linux/man-pages/man7/capabilities.7.html
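The two routes described in items 1) and 2) can be exercised from a small program. The following is an added example and is not Mesos code: it reads the five capability sets of the current process from /proc/self/status, raises a capability from Permitted into Effective with the raw capget/capset syscalls (route 1, what an agent started from a binary without the "Effective" file-capability bit would do), and raises an ambient capability via prctl PR_CAP_AMBIENT_RAISE (route 2, so the capability survives exec of a helper that has no file capabilities). It assumes Linux with the `linux/capability.h` header and no libcap; the function names are the example's own.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <linux/capability.h>

/* Fallbacks for headers older than the kernel (these are the real values). */
#ifndef PR_CAP_AMBIENT
#define PR_CAP_AMBIENT 47
#define PR_CAP_AMBIENT_IS_SET 1
#define PR_CAP_AMBIENT_RAISE 2
#endif

/* Parse the hex value of a "CapXxx:\t<hex>" line from /proc/<pid>/status. */
uint64_t cap_mask_from_hex(const char *hex) {
    return strtoull(hex, NULL, 16);
}

/* Is capability number `cap` (e.g. CAP_SYS_ADMIN == 21) in the mask? */
int cap_in_mask(uint64_t mask, int cap) {
    return (int)((mask >> cap) & 1u);
}

/* Read one named set ("CapInh", "CapPrm", "CapEff", "CapBnd", "CapAmb")
 * from /proc/self/status. Returns 0 on success, -1 if not found. */
int read_cap_set(const char *name, uint64_t *out) {
    FILE *f = fopen("/proc/self/status", "r");
    if (!f) return -1;
    char line[256];
    size_t n = strlen(name);
    int rc = -1;
    while (fgets(line, sizeof line, f)) {
        if (strncmp(line, name, n) == 0 && line[n] == ':') {
            *out = cap_mask_from_hex(line + n + 1);  /* strtoull skips the tab */
            rc = 0;
            break;
        }
    }
    fclose(f);
    return rc;
}

/* Fetch the calling thread's sets with raw capget(2); v3 = two 32-bit words. */
static int fetch_caps(struct __user_cap_header_struct *hdr,
                      struct __user_cap_data_struct data[2]) {
    memset(hdr, 0, sizeof *hdr);
    hdr->version = _LINUX_CAPABILITY_VERSION_3;
    hdr->pid = 0;
    memset(data, 0, 2 * sizeof data[0]);
    return syscall(SYS_capget, hdr, data) == 0 ? 0 : -errno;
}

/* Route (1): raise `cap` from Permitted into Effective. A process can do this
 * without CAP_SETPCAP; returns -EPERM if the bit is not in Permitted. */
int raise_effective(int cap) {
    struct __user_cap_header_struct hdr;
    struct __user_cap_data_struct data[2];
    int rc = fetch_caps(&hdr, data);
    if (rc != 0) return rc;
    unsigned idx = (unsigned)cap / 32, bit = 1u << ((unsigned)cap % 32);
    if (!(data[idx].permitted & bit)) return -EPERM;
    data[idx].effective |= bit;
    return syscall(SYS_capset, &hdr, data) == 0 ? 0 : -errno;
}

/* Route (2): make `cap` ambient so it is kept across execve() of a helper with
 * no file capabilities. The kernel requires the bit in both Permitted and
 * Inheritable first; adding it to Inheritable without CAP_SETPCAP only works
 * if it is also in the bounding set, which is why item 3) mentions CapBnd. */
int raise_ambient(int cap) {
    struct __user_cap_header_struct hdr;
    struct __user_cap_data_struct data[2];
    int rc = fetch_caps(&hdr, data);
    if (rc != 0) return rc;
    unsigned idx = (unsigned)cap / 32, bit = 1u << ((unsigned)cap % 32);
    if (!(data[idx].permitted & bit)) return -EPERM;
    if (!(data[idx].inheritable & bit)) {
        data[idx].inheritable |= bit;
        if (syscall(SYS_capset, &hdr, data) != 0) return -errno;
    }
    if (prctl(PR_CAP_AMBIENT, PR_CAP_AMBIENT_RAISE, cap, 0, 0) != 0) return -errno;
    return 0;
}

int main(void) {
    const char *sets[] = {"CapInh", "CapPrm", "CapEff", "CapBnd", "CapAmb"};
    for (size_t i = 0; i < 5; i++) {
        uint64_t m = 0;
        if (read_cap_set(sets[i], &m) == 0)
            printf("%s %016llx sys_admin=%d\n", sets[i],
                   (unsigned long long)m, cap_in_mask(m, CAP_SYS_ADMIN));
    }
    int r = raise_effective(CAP_SYS_ADMIN);
    printf("raise_effective(CAP_SYS_ADMIN): %s\n", r == 0 ? "ok" : strerror(-r));
    r = raise_ambient(CAP_SYS_ADMIN);
    printf("raise_ambient(CAP_SYS_ADMIN): %s\n", r == 0 ? "ok" : strerror(-r));
    return 0;
}
```

Run as an ordinary user the program reports CAP_SYS_ADMIN absent from every set and both raise calls fail with EPERM; the difference between `setcap cap_sys_admin=p` and `setcap cap_sys_admin=ep` on the binary is exactly whether `raise_effective` is still needed after exec. Note that ambient capabilities are dropped again when the exec'ed helper itself carries file capabilities or is setuid, so the two routes in item 2) are alternatives, not complements.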
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)