Hi,
In https://issues.apache.org/jira/browse/MESOS-8306 I am proposing that we
use an ACL to restrict the roles that agents can statically reserve
resources for to address a security concern in which a process on a
compromised host can impersonate an agent and then then reservation
resources for a
+alexander, adam
On Tue, Dec 12, 2017 at 11:31 AM, Yan Xu wrote:
> Hi,
>
> In https://issues.apache.org/jira/browse/MESOS-8306 I am proposing that we
> use an ACL to restrict the roles that agents can statically reserve
> resources for to address a security concern in which a process on a
> comp
Hey Yan,
We were discussing this issue with James and I think this is not enough
to guarantee that an Agent won’t be assigned (neither statically nor
dynamically) resources under certain role. The problem here is that nothing
will avoid a principal to dynamically reserve resources later.
However
> On Dec 15, 2017, at 5:34 AM, Alexander Rojas wrote:
>
> Hey Yan,
>
> We were discussing this issue with James and I think this is not enough
> to guarantee that an Agent won’t be assigned (neither statically nor
> dynamically) resources under certain role. The problem here is that nothing
>
