Uploaded image for project: 'Mesos'
  1. Mesos
  2. MESOS-5615

When using command executor, the ExecutorInfo is useless for sandbox authorization

    Details

      Description

      The design for sandbox access authorization uses the ExecutorInfo associated with the task as the main authorization space and the FrameworkInfo as a secondary one. This allows module writes to use fields such a labels for authorization.

      When a task uses the command executor it doesn't provide an ExecutorInfo, but the info object is generated automatically inside the agent. As such, information which could be used for authorization (e.g. labels) is not available for authorization.

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                js84 Jörg Schad
                Reporter:
                arojas Alexander Rojas
                Shepherd:
                Till Toenshoff
              • Votes:
                0 Vote for this issue
                Watchers:
                4 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: