Uploaded image for project: 'Marathon'
  1. Marathon
  2. MARATHON-4152

Private registry sandbox security problem

    Details

    • Type: Task
    • Status: Resolved
    • Priority: Medium
    • Resolution: Won't Do
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: Security
    • Labels:

      Description

      If I'm using a private registry, and follow the instructions to provide the tar.gz credentials, then those credentials are made available not only to mesos in order to procure the docker, but also to anything inside that container that cares to look at the mounted sandbox. It would be especially helpful if the fetcher had an option to NOT copy fetched files to the sandbox.

        Attachments

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              GitHub_jeacott jeacott (Inactive)
              Team:
              Orchestration Team
              Watchers:
              Jason Gilanfarr (Inactive), Matthias Eichstedt
            • Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: