[jira] [Commented] (MESOS-9770) Add no-new-privileges isolator.
[ https://issues.apache.org/jira/browse/MESOS-9770?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16888455#comment-16888455 ] James Peach commented on MESOS-9770: | https://reviews.apache.org/r/71106/ | | https://reviews.apache.org/r/70757/| | https://reviews.apache.org/r/71107/ | > Add no-new-privileges isolator. > --- > > Key: MESOS-9770 > URL: https://issues.apache.org/jira/browse/MESOS-9770 > Project: Mesos > Issue Type: Improvement > Components: containerization >Reporter: James Peach >Assignee: Jacob Janco >Priority: Major > > To give security-minded operators more defense in depth, add a {{linux/nnp}} > isolator that sets the no-new-privileges bit before starting the executor. -- This message was sent by Atlassian JIRA (v7.6.14#76016)
[jira] [Commented] (MESOS-9770) Add no-new-privileges isolator.
[ https://issues.apache.org/jira/browse/MESOS-9770?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16851203#comment-16851203 ] Jacob Janco commented on MESOS-9770: [https://reviews.apache.org/r/70757/] > Add no-new-privileges isolator. > --- > > Key: MESOS-9770 > URL: https://issues.apache.org/jira/browse/MESOS-9770 > Project: Mesos > Issue Type: Improvement > Components: containerization >Reporter: James Peach >Assignee: Jacob Janco >Priority: Major > > To give security-minded operators more defense in depth, add a {{linux/nnp}} > isolator that sets the no-new-privileges bit before starting the executor. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (MESOS-9770) Add no-new-privileges isolator
[ https://issues.apache.org/jira/browse/MESOS-9770?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16834398#comment-16834398 ] James Peach commented on MESOS-9770: /cc [~jieyu] [~gilbert] [~abudnik] > Add no-new-privileges isolator > -- > > Key: MESOS-9770 > URL: https://issues.apache.org/jira/browse/MESOS-9770 > Project: Mesos > Issue Type: Improvement > Components: containerization >Reporter: James Peach >Priority: Major > > To give security-minded operators more defense in depth, add a {{linux/nnp}} > isolator that sets the no-new-privileges bit before starting the executor. -- This message was sent by Atlassian JIRA (v7.6.3#76005)