This project has retired. For details please refer to its Attic page.
Apache Mesos - Linux NNP (no\_new\_privs) Isolator in Mesos Containerizer

If you're new to Mesos

See the getting started page for more information about downloading, building, and deploying Mesos.

If you'd like to get involved or you're looking for support

See our community page for more details.

Linux NNP Support in Mesos Containerizer

This document describes the linux/nnp isolator. This isolator sets the no_new_privs flag for all containers launched using the MesosContainerizer.

The no_new_privs flag disables the ability of container tasks to acquire any additional privileges by means of executing a child process e.g. through invocation of setuid or setgid programs. To enable the linux/nnp isolator, append linux/nnp to the --isolation flag when starting the Mesos agent.

© 2012-2022 The Apache Software Foundation. Apache Mesos, the Apache feather logo, and the Apache Mesos project logo are trademarks of The Apache Software Foundation.