James Peach created MESOS-9769:
----------------------------------

             Summary: Add direct containerized support for filesystem operations
                 Key: MESOS-9769
                 URL: https://issues.apache.org/jira/browse/MESOS-9769
             Project: Mesos
          Issue Type: Improvement
          Components: containerization
            Reporter: James Peach


When setting up the container filesystems, we use `pre_exec_commands` to make 
ABI symlinks and other things. The problem with this is that, depending on the 
order of operations, we may not have the full security policy in place yet, but 
since we are running in the context of the container's mount namespaces, the 
programs we execute are under the control of whoever built the container image.

[~jieyu] and I previously discussed adding filesystem operations to the 
`ContainerLaunchInfo`. Just `ln` would be sufficient for the `cgroups` and 
`linux/filesystem` isolators. Secrets and port mapping isolators need more, so 
we should discuss and file new tickets if necessary.



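A sketch of the kind of direct filesystem operation the ticket proposes, added here as an illustration and not taken from Mesos or from the ticket: the launcher creates the link itself with `symlinkat(2)` instead of executing an `ln` binary supplied by the container image. `SymlinkOp`, `isSafeRelative` and `applySymlinks` are hypothetical names, and the temporary directory in `main` is a constructed stand-in for a container root.

```cpp
#include <fcntl.h>
#include <unistd.h>
#include <cerrno>
#include <cstdio>
#include <cstdlib>
#include <string>
#include <vector>

// Hypothetical description of one `ln -s target linkpath`; not a Mesos type.
struct SymlinkOp { std::string target; std::string linkpath; };

// Accept only non-empty relative paths that contain no ".." component.
static bool isSafeRelative(const std::string& p) {
  if (p.empty() || p[0] == '/') return false;
  for (size_t start = 0; start <= p.size();) {
    size_t end = p.find('/', start);
    if (end == std::string::npos) end = p.size();
    if (p.compare(start, end - start, "..") == 0) return false;
    start = end + 1;
  }
  return true;
}

// Creates every link with symlinkat(2) relative to a directory fd for the
// root, so no program from the image is executed. Returns 0 on success or the
// errno of the first failure. Intermediate path components that are already
// symlinks inside the image are not guarded against here.
int applySymlinks(const std::string& rootfs, const std::vector<SymlinkOp>& ops) {
  int root = open(rootfs.c_str(), O_RDONLY | O_DIRECTORY | O_CLOEXEC);
  if (root < 0) return errno;
  int result = 0;
  for (const SymlinkOp& op : ops) {
    if (!isSafeRelative(op.linkpath)) { result = EINVAL; break; }
    if (symlinkat(op.target.c_str(), root, op.linkpath.c_str()) != 0) {
      result = errno;
      break;
    }
  }
  close(root);
  return result;
}

int main() {
  char tmpl[] = "/tmp/rootfsXXXXXX";  // constructed stand-in for a rootfs
  if (mkdtemp(tmpl) == nullptr) return 1;
  int err = applySymlinks(tmpl, {SymlinkOp{"usr/bin", "bin"}});
  std::printf("applySymlinks returned %d\n", err);
  return err;
}
```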