[ https://issues.apache.org/jira/browse/MESOS-9768?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16834357#comment-16834357 ]
James Peach commented on MESOS-9768:
------------------------------------

/cc [~jieyu] @gilbert

> Allow operators to mount the container rootfs with the `nosuid` flag
> --------------------------------------------------------------------
>
> Key: MESOS-9768
> URL: https://issues.apache.org/jira/browse/MESOS-9768
> Project: Mesos
> Issue Type: Improvement
> Components: containerization
> Reporter: James Peach
> Priority: Major
>
> If cluster users are allowed to launch containers with arbitrary images,
> those images may contain setuid programs. For security reasons (auditing,
> privilege escalation), operators may wish to ensure that setuid programs
> cannot be used within a container.
>
> We should provide a way for operators to be able to specify that container
> volumes (including `/`) should be mounted with the `nosuid` flag.

--
This message was sent by Atlassian JIRA (v7.6.3#76005)
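
An operator-side check for the property this issue asks for, as an added example that is not part of the original message or of the Mesos code base: it parses `/proc/<pid>/mountinfo` text and lists the mount points that lack the per-mount `nosuid` option. The function names and the sample mount table are constructed for illustration.

```python
import re

# Constructed sample in /proc/<pid>/mountinfo format (not from a real host).
SAMPLE_MOUNTINFO = """\
100 90 8:1 /var/lib/mesos/provisioner/rootfs / rw,relatime master:1 - ext4 /dev/sda1 rw
101 100 0:5 / /proc rw,nosuid,nodev,noexec - proc proc rw
102 100 8:2 /volumes/data /mnt/my\\040data rw,nodev shared:7 - ext4 /dev/sdb1 rw
103 100 0:40 / /tmp rw,nosuid,nodev - tmpfs tmpfs rw,size=65536k
"""


def _unescape(path):
    # The kernel writes space, tab, newline and backslash as \ooo octal escapes.
    return re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), path)


def parse_mountinfo(text):
    """Yield (mount_point, fs_type, per_mount_options) for each valid line."""
    for line in text.splitlines():
        fields = line.split()
        try:
            # Fields 0-5 are fixed; zero or more optional fields follow and
            # end at a lone "-", so search for the separator from index 6.
            sep = fields.index("-", 6)
            fs_type = fields[sep + 1]
        except (ValueError, IndexError):
            continue  # malformed or truncated line
        yield _unescape(fields[4]), fs_type, set(fields[5].split(","))


def mounts_missing_nosuid(text):
    """Return mount points on which setuid/setgid bits are still honoured."""
    return [mp for mp, _fs, opts in parse_mountinfo(text) if "nosuid" not in opts]


if __name__ == "__main__":
    # Inside a container this reads the container's own mount table.
    with open("/proc/self/mountinfo") as f:
        for mount_point in mounts_missing_nosuid(f.read()):
            print("nosuid not set:", mount_point)
```

`nosuid` is a per-mount flag, so the check reads the mount options field (the sixth field) rather than the superblock options after the `-` separator.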