James Peach created MESOS-9771:
----------------------------------

             Summary: Mask sensitive procfs paths.
                 Key: MESOS-9771
                 URL: https://issues.apache.org/jira/browse/MESOS-9771
             Project: Mesos
          Issue Type: Improvement
          Components: containerization
            Reporter: James Peach


We already have a set of procfs paths that we mark read-only in the 
containerizer, but there are additional paths that are considered sensitive by 
other containerizers and are masked altogether:

{noformat}
"/proc/asound"
"/proc/acpi"
"/proc/kcore"
"/proc/keys"
"/proc/latency_stats"
"/proc/timer_list"
"/proc/timer_stats"
"/proc/sched_debug"
"/sys/firmware"
"/proc/scsi"
{noformat}

Masking is done by mounting {{/dev/null}} on files, and an empty, read-only
{{tmpfs}} on directories.
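
The masking step described above, as an added example that is not part of the original issue and is not Mesos code. The names {{classify}} and {{mask_path}} are hypothetical, and the code assumes it runs with CAP_SYS_ADMIN inside the container's own mount namespace after {{/proc}} and {{/sys}} are mounted.

```c
/* Added example, not Mesos code. Assumes CAP_SYS_ADMIN and that it runs
 * inside the container's own mount namespace, never on the host's. */
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/mount.h>
#include <sys/stat.h>

enum mask_kind { MASK_SKIP, MASK_FILE, MASK_DIR, MASK_ERROR };

/* The paths listed in the issue. */
static const char *const masked_paths[] = {
    "/proc/asound", "/proc/acpi", "/proc/kcore", "/proc/keys",
    "/proc/latency_stats", "/proc/timer_list", "/proc/timer_stats",
    "/proc/sched_debug", "/sys/firmware", "/proc/scsi",
};

/* Pick the masking strategy. Absent paths are skipped (not every kernel
 * exposes all of them); directories get a tmpfs, anything else /dev/null. */
enum mask_kind classify(const char *path) {
    struct stat st;
    if (stat(path, &st) != 0)
        return (errno == ENOENT || errno == ENOTDIR) ? MASK_SKIP : MASK_ERROR;
    return S_ISDIR(st.st_mode) ? MASK_DIR : MASK_FILE;
}

/* Returns 0 on success or skip, -1 with errno set on failure. */
int mask_path(const char *path) {
    switch (classify(path)) {
    case MASK_SKIP: return 0;
    case MASK_FILE: /* bind /dev/null over the file: reads return EOF */
        return mount("/dev/null", path, NULL, MS_BIND, NULL);
    case MASK_DIR:  /* empty read-only tmpfs hides the directory contents */
        return mount("tmpfs", path, "tmpfs", MS_RDONLY, NULL);
    default: return -1;
    }
}

int main(void) {
    int failed = 0;
    for (size_t i = 0; i < sizeof masked_paths / sizeof *masked_paths; i++)
        if (mask_path(masked_paths[i]) != 0) {
            fprintf(stderr, "mask %s: %s\n", masked_paths[i], strerror(errno));
            failed = 1; /* fail closed: the caller should not start the task */
        }
    return failed;
}
```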


