mesos-reviews mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Gilbert Song <songzihao1...@gmail.com>
Subject Review Request 57402: Fixed command task with container image 'root' user issue.
Date Wed, 08 Mar 2017 01:27:21 GMT

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/57402/
-----------------------------------------------------------

Review request for mesos, Adam B, Avinash sridharan, Jie Yu, and Timothy Chen.


Bugs: MESOS-7208
    https://issues.apache.org/jira/browse/MESOS-7208


Repository: mesos


Description
-------

This issue is command task with container image provided specific.
We used to set user as 'root' explicitly for command task with
container image. However, this would break operators who set 'user'
for FrameworkInfo/CommandInfo to any user other than 'root' because
the task cannot access all other contents owned by 'root', e.g.,
persistent volumes, stdout/stderr or any other directories/files
written by modules.

Instead of relying on each isolator/module to explicitly chown,
Mesos should set user to 'root' right before launching the command
executor, because the root privilege is only necessary for 'chroot'
in command executor launch, which should not impact on other
components.


Diffs
-----

  src/slave/containerizer/mesos/containerizer.cpp d2b4f75a55dbe4746bc2dfc180335fa831a554ef

  src/slave/slave.cpp 892ce1938ac695e7913aa9139536d0787f3f5ea7 


Diff: https://reviews.apache.org/r/57402/diff/1/


Testing
-------

make check


Thanks,

Gilbert Song


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message