mesos-reviews mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Vinod Kone <vinodk...@apache.org>
Subject Re: Review Request 64630: Narrowed task sandbox permissions from 0755 to 0750.
Date Fri, 15 Dec 2017 00:38:42 GMT
nvm, just saw the email.

On Thu, Dec 14, 2017 at 4:38 PM, Vinod Kone <vinodkone@apache.org> wrote:

> Probably needs a heads up on the dev/user list since this is a user
> visible change.
>
> On Thu, Dec 14, 2017 at 4:09 PM, James Peach <jpeach@apache.org> wrote:
>
>> This is an automatically generated e-mail. To reply, visit:
>> https://reviews.apache.org/r/64630/
>> Review request for mesos, Andrew Schwartzmeyer, Jie Yu, and Vinod Kone.
>> By James Peach.
>> *Bugs: * MESOS-8332 <https://issues.apache.org/jira/browse/MESOS-8332>
>> *Repository: * mesos
>> Description
>>
>> Since task sandboxes can contain private data, we should not
>> make them accessible to others by default. This changes all the
>> places that create a task sandbox directory to use a helper APIslave::paths::createSandboxPath
that consistently deals with
>> setting the directory mode and ownership.
>>
>> A number of tests depended on the previous behavior where
>> failing to change the ownership was logged but did not cause
>> a failure. Depending on the test, these were updated to either
>> disable the agent switch_user flag, or to specify the current
>> user in the task launch message.
>>
>> Testing
>>
>> make check (Fedora 27)
>>
>> Diffs
>>
>>    - src/slave/containerizer/mesos/containerizer.cpp
>>    (7ab0b07f689f872573ca458ae47cd6426ebc0365)
>>    - src/slave/containerizer/mesos/paths.cpp
>>    (8a188a918873eef468a984b80f5ea7ebaa8fb923)
>>    - src/slave/http.cpp (ed22b9f6bfa1c480a0672ce25d364bba6e33a200)
>>    - src/slave/paths.hpp (9cbacd8da62e7c7386dca7031fc09a46ae773161)
>>    - src/slave/paths.cpp (fca2a0eec2a75ed76028ea54dc992502275d4bce)
>>    - src/tests/api_tests.cpp (86cbba4fab5e7a45298d17f3f2969391cc18be68)
>>    - src/tests/master_allocator_tests.cpp (9bca27c7612b9ac4813f794bcc9ed
>>    38aeed078e5)
>>    - src/tests/master_authorization_tests.cpp
>>    (676543a5ad1bb5d47011fc2a8b05dfaaeef18c64)
>>    - src/tests/slave_authorization_tests.cpp
>>    (4ba0b8e96614a2df0daec576c08fe02462ccaa27)
>>
>> View Diff <https://reviews.apache.org/r/64630/diff/1/>
>>
>
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message