[ 
https://issues.apache.org/jira/browse/MESOS-9771?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16834402#comment-16834402
 ] 

James Peach commented on MESOS-9771:
------------------------------------

Since {{/proc/keys}} gets masked, we should probably mask {{/proc/key-users}} 
too. Weird that I don't see other containerizers doing that.

My main concern with this change is compatibility with containerized services 
like CSI, that may need privileged access to the host. Masking all these paths 
for this kind of service could break them.

There are a few possible solutions:
1. Skip the masking based on properties of the launch, e.g. whether the Docker 
{{privileged}} flag is set, or whether the container is joining the host's PID 
namespace.
2. Add a flag that specifies the set of paths to mask, so that operators can 
whack it with configuration.
3. Unconditionally do the masking.

If we go down the path of (2), then operators who need privileged containers to 
see this information will be stranded, so my preference would be something 
closer to (1).

If we prefer (3), then we already unconditionally make certain container paths 
read-only, which could be regarded as precedent.

/cc [~jieyu] [~gilbert] [~jasonlai]


> Mask sensitive procfs paths.
> ----------------------------
>
>                 Key: MESOS-9771
>                 URL: https://issues.apache.org/jira/browse/MESOS-9771
>             Project: Mesos
>          Issue Type: Improvement
>          Components: containerization
>            Reporter: James Peach
>            Priority: Major
>
> We already have a set of procfs paths that we mark read-only in the 
> containerizer, but there are additional paths that are considered sensitive 
> by other containerizers and are masked altogether:
> {noformat}
> "/proc/asound"
> "/proc/acpi"
> "/proc/kcore"
> "/proc/keys"
> "/proc/latency_stats"
> "/proc/timer_list"
> "/proc/timer_stats"
> "/proc/sched_debug"
> "/sys/firmware"
> "/proc/scsi"
> {noformat}
> Masking is done by mounting {{/dev/null}} on files, and an empty, readonly 
> {{tmpfs}} on directories.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
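
The masking step described in the issue (bind-mounting /dev/null over files, an empty read-only tmpfs over directories), as an added C example that is not Mesos code. The names plan_mask and apply_mask are hypothetical, and main only prints the plan as a dry run, since the mounts themselves need CAP_SYS_ADMIN inside the container's mount namespace.

```c
#include <stdio.h>
#include <sys/mount.h>
#include <sys/stat.h>

/* How a path would be masked (names are this example's, not Mesos's). */
enum mask_kind { MASK_SKIP, MASK_FILE, MASK_DIR };

/* Paths listed in the issue description. */
static const char *const masked_paths[] = {
    "/proc/asound", "/proc/acpi", "/proc/kcore", "/proc/keys",
    "/proc/latency_stats", "/proc/timer_list", "/proc/timer_stats",
    "/proc/sched_debug", "/sys/firmware", "/proc/scsi",
};

/* Directories get a tmpfs, any other existing node gets /dev/null.
 * Paths that do not exist on the running kernel are skipped. */
enum mask_kind plan_mask(const char *path)
{
    struct stat st;
    if (stat(path, &st) != 0)
        return MASK_SKIP;
    return S_ISDIR(st.st_mode) ? MASK_DIR : MASK_FILE;
}

/* Apply the mask; call only after entering the container's mount namespace.
 * Returns 0 on success or skip, -1 with errno set by mount(2) on failure. */
int apply_mask(const char *path)
{
    switch (plan_mask(path)) {
    case MASK_FILE: /* reads return EOF, writes are discarded */
        return mount("/dev/null", path, NULL, MS_BIND, NULL);
    case MASK_DIR:  /* empty and read-only, so nothing can be listed or created */
        return mount("tmpfs", path, "tmpfs", MS_RDONLY, NULL);
    default:
        return 0;
    }
}

/* Dry run: report what would be mounted over each path, without mounting. */
int main(void)
{
    static const char *const action[] = {
        "skip (absent)", "bind /dev/null", "read-only tmpfs" };
    for (size_t i = 0; i < sizeof masked_paths / sizeof *masked_paths; i++)
        printf("%-22s %s\n", masked_paths[i], action[plan_mask(masked_paths[i])]);
    return 0;
}
```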
