MESOS-6526: `mesos-containerizer launch --environment` exposes executor env vars in `ps`.

Details

    • Type: Bug
    • Status: Resolved
    • Priority: Critical
    • Resolution: Fixed
    • Affects Version/s: 1.1.0
    • Fix Version/s: 1.1.1, 1.2.0
    • Component/s: containerization
    • Labels: None

    Description

      With MESOS-6323, the helper `mesos-containerizer launch` takes a `--environment` flag for the env vars used by the executor. This is unpleasant because it's a common practice that people use env vars to hide configs that are sensitive and now it's visible to non-root users on the host with a `ps` command.

      Given that we want to separate the environments of `mesos-containerizer launch` and the executor itself, perhaps we can just package and serialize the executor env vars in one env var `MESOS_EXECUTOR_ENVIRONMENT` and pass that to `mesos-containerizer launch` which could then get it through a flag the usual way.

      In general Mesos should do more to protect env vars but I'll file separate issues for them.

          People

            Assignee: Yan Xu (xujyan)
            Reporter: Yan Xu (xujyan)
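The difference the description relies on, as an added example (not Mesos code and not from the issue): on Linux a process's argv is readable by every local user through `/proc/<pid>/cmdline`, which is what `ps` prints, while `/proc/<pid>/environ` is readable only by the owner. The stand-in child process, the constructed secret, the JSON serialization and the function names are assumptions; only `--environment` and `MESOS_EXECUTOR_ENVIRONMENT` come from the issue.

```python
import json
import os
import stat
import subprocess
import sys

# Constructed sample data: variable name and value are made up for the demo.
EXECUTOR_ENV = {"DB_PASSWORD": "constructed-secret-123"}
# Hypothetical stand-in for the launch helper: a child that just stays alive.
CHILD = [sys.executable, "-c", "import time; time.sleep(30)"]


def inspect(pid):
    """Report what /proc exposes about pid: argv text and who may read what."""
    base = f"/proc/{pid}"
    with open(f"{base}/cmdline", "rb") as f:
        argv = f.read().replace(b"\0", b" ").decode()
    cmdline_mode = os.stat(f"{base}/cmdline").st_mode
    environ_mode = os.stat(f"{base}/environ").st_mode
    return {
        "argv": argv,  # the same text `ps` shows to any local user
        "cmdline_world_readable": bool(cmdline_mode & stat.S_IROTH),
        "environ_world_readable": bool(environ_mode & stat.S_IROTH),
    }


def launch(via_flag):
    """Start the stand-in child, passing the executor env by flag or env var."""
    payload = json.dumps(EXECUTOR_ENV)  # serialization format is an assumption
    if via_flag:
        # Behaviour reported in the issue: env vars travel on the command line.
        proc = subprocess.Popen(CHILD + ["--environment=" + payload])
    else:
        # Proposal in the issue: one env var carrying the whole executor env.
        env = dict(os.environ, MESOS_EXECUTOR_ENVIRONMENT=payload)
        proc = subprocess.Popen(CHILD, env=env)
    try:
        return inspect(proc.pid)
    finally:
        proc.kill()
        proc.wait()


if __name__ == "__main__":
    for label, via_flag in (("--environment flag", True),
                            ("MESOS_EXECUTOR_ENVIRONMENT", False)):
        r = launch(via_flag)
        leaked = EXECUTOR_ENV["DB_PASSWORD"] in r["argv"]
        print(f"{label}: secret in argv={leaked}, "
              f"environ world-readable={r['environ_world_readable']}")
```
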