Uploaded image for project: 'Mesos'
  1. Mesos
  2. MESOS-9908

Introduce a new agent flag and support docker volume chown to task user.

    XMLWordPrintableJSON

    Details

    • Target Version/s:
    • Sprint:
      Containerization: RI-17 52
    • Story Points:
      5

      Description

      Currently, docker volume is always mounted as root, which is not accessible by non-root task users. For security concerns, there are use cases that operator may only allow non-root users to run as container user and docker volume needs to be supported for those non-root users.

      A new agent flag is needed to make this support configurable, because chown-ing a docker volume may be limited to some use case - e.g., multiple non-root users on different hosts sharing the same docker volume simultaneously. Operators are expected to turn on this flag if their cluster's docker volume is not shared by multiple non-root users.

        Attachments

          Activity

            People

            • Assignee:
              gilbert Gilbert Song
              Reporter:
              gilbert Gilbert Song
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: