mesos-reviews mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Gilbert Song <songzihao1...@gmail.com>
Subject Re: Review Request 61120: Fixed the sandbox_path volume source path ownership.
Date Fri, 28 Jul 2017 19:24:29 GMT

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/61120/
-----------------------------------------------------------

(Updated July 28, 2017, 12:24 p.m.)


Review request for mesos, Greg Mann, Ilya Pronin, Jie Yu, James Peach, Vinod Kone, and Jiang
Yan Xu.


Bugs: MESOS-7830
    https://issues.apache.org/jira/browse/MESOS-7830


Repository: mesos


Description
-------

This bugfix addresses the issue from MESOS-7830. Basically, the
sandbox path volume ownership was not set correctly. This issue
can be exposed if a framework user is non-root while the agent
process runs as root. Then, the non-root user does not have
permissions to write to this volume.

The correct solution should be giving permissions to corresponding
users by leveraging supplementary groups. But we can still
introduce a workaround in this patch by changing the ownership
of the sandbox path volume to its sandbox's ownership.


Diffs (updated)
-----

  src/slave/containerizer/mesos/isolators/volume/sandbox_path.cpp 6f7304d4aa40eb1b4815ffc1fec61f7e98291cba



Diff: https://reviews.apache.org/r/61120/diff/4/

Changes: https://reviews.apache.org/r/61120/diff/3-4/


Testing
-------

make check


Thanks,

Gilbert Song


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message