mesos-reviews mailing list archives

From James Peach <jpe...@apache.org>
Subject Re: Review Request 64630: Narrowed task sandbox permissions from 0755 to 0750.
Date Mon, 08 Jan 2018 18:11:42 GMT


> On Jan. 5, 2018, 11:53 p.m., Ilya Pronin wrote:
> > src/slave/paths.hpp
> > Lines 404-405 (patched)
> > <https://reviews.apache.org/r/64630/diff/1/?file=1917889#file1917889line404>
> >
> >     Again judging by other functions here. The convention seems to be that the user provides a root dir path and a container ID for the function to construct the directory path. So the function prototype would look like this:
> >     ```cpp
> >     Try<std::string> createSandboxDirectory(
> >         const std::string& rootDir,
> >         const ContainerID& containerId,
> >         const Option<std::string>& user = None());
> >     ```

The goal of this API is to centralize how to create a directory with "sandbox" semantics.
We already have helpers that can be used to figure out what the sandbox path is, and I'd
like to keep those concerns separate.


> On Jan. 5, 2018, 11:53 p.m., Ilya Pronin wrote:
> > src/slave/paths.cpp
> > Line 726 (original), 726 (patched)
> > <https://reviews.apache.org/r/64630/diff/1/?file=1917890#file1917890line726>
> >
> >     Misleading naming. Maybe we can create a function like "create, set mode and own" and call it from here and from `createSandboxDirectory()`?

Well, consistently applying the "create, set mode and own" is the whole purpose of `createSandboxDirectory`.
I added a comment to clarify.


> On Jan. 5, 2018, 11:53 p.m., Ilya Pronin wrote:
> > src/slave/paths.cpp
> > Lines 763 (patched)
> > <https://reviews.apache.org/r/64630/diff/1/?file=1917890#file1917890line763>
> >
> >     No error checking?

This can't fail since you just created the directory, but it doesn't hurt to add the check.


- James


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/64630/#review194915
-----------------------------------------------------------
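The replies above describe the helper's job as "create, set mode and own" and agree that the post-creation step should be checked rather than assumed. The following is an added example written for this archive page, not Mesos code and not the patch under review: a stand-alone POSIX C++ helper with hypothetical names (`createOwnedDirectory`, `othersCanAccess`, `makeTempSandboxPath`) that creates a directory, forces the 0750 mode discussed in the review, changes ownership, and then verifies the resulting state instead of logging and continuing on failure.

```cpp
// Added example, not Mesos code and not the patch under review: a
// "create, set mode and own" helper for sandbox-style directories, with
// every step checked and the final state verified. All names are
// hypothetical; the only assumption is a POSIX filesystem.
#include <cerrno>
#include <cstdlib>
#include <cstring>
#include <iostream>
#include <string>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

// Outcome of the helper: `ok` is true on success, otherwise `error`
// explains which step failed and why.
struct DirResult {
  bool ok;
  std::string error;
};

// Create `path` as a directory, force its mode to `mode` (default 0750:
// owner rwx, group r-x, no access for others) and hand ownership to
// `uid`/`gid`. Nothing is logged-and-ignored: a sandbox that silently
// stays world-readable or owned by the wrong user would expose task data,
// so every failure is returned to the caller.
DirResult createOwnedDirectory(
    const std::string& path, uid_t uid, gid_t gid, mode_t mode = 0750) {
  if (::mkdir(path.c_str(), mode) != 0) {
    return {false, "mkdir(" + path + "): " + std::strerror(errno)};
  }
  // mkdir's mode argument is masked by the process umask, so apply the
  // exact mode explicitly rather than trusting the umask.
  if (::chmod(path.c_str(), mode) != 0) {
    return {false, "chmod(" + path + "): " + std::strerror(errno)};
  }
  if (::chown(path.c_str(), uid, gid) != 0) {
    return {false, "chown(" + path + "): " + std::strerror(errno)};
  }
  // Verify the end state instead of assuming it: lstat (not stat) so a
  // symlink placed at `path` is not followed, then check type, permission
  // bits and owner.
  struct stat st;
  if (::lstat(path.c_str(), &st) != 0) {
    return {false, "lstat(" + path + "): " + std::strerror(errno)};
  }
  if (!S_ISDIR(st.st_mode)) {
    return {false, path + " is not a directory"};
  }
  if ((st.st_mode & 07777) != mode) {
    return {false, "unexpected mode on " + path};
  }
  if (st.st_uid != uid || st.st_gid != gid) {
    return {false, "unexpected ownership on " + path};
  }
  return {true, ""};
}

// 1 if "others" hold any access bit on `path`, 0 if none, -1 if stat fails.
// The 0755 -> 0750 change in the review is exactly about making this 0.
int othersCanAccess(const std::string& path) {
  struct stat st;
  if (::stat(path.c_str(), &st) != 0) {
    return -1;
  }
  return (st.st_mode & S_IRWXO) != 0 ? 1 : 0;
}

// Fresh, unique location under /tmp for a demo sandbox (constructed for
// this example); returns "" if the temp directory cannot be created.
std::string makeTempSandboxPath() {
  char tmpl[] = "/tmp/sandbox-example-XXXXXX";
  char* dir = ::mkdtemp(tmpl);
  if (dir == nullptr) {
    return "";
  }
  return std::string(dir) + "/sandbox";
}

int main() {
  std::string path = makeTempSandboxPath();
  DirResult r = createOwnedDirectory(path, ::getuid(), ::getgid());
  std::cout << (r.ok ? "created " + path : "failed: " + r.error) << std::endl;
  std::cout << "others can access: " << othersCanAccess(path) << std::endl;
  // Creating the same directory twice is reported as an error, not a no-op.
  DirResult again = createOwnedDirectory(path, ::getuid(), ::getgid());
  std::cout << "second create: " << again.error << std::endl;
  return r.ok ? 0 : 1;
}
```

The helper chowns to the caller's own uid/gid here so it runs unprivileged; in an agent that switches users it would receive the task user's ids instead, and the same final `lstat` check is what catches a chown that was skipped or only partially applied.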


On Dec. 15, 2017, 12:10 a.m., James Peach wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/64630/
> -----------------------------------------------------------
> 
> (Updated Dec. 15, 2017, 12:10 a.m.)
> 
> 
> Review request for mesos, Andrew Schwartzmeyer, Ilya Pronin, Jie Yu, and Vinod Kone.
> 
> 
> Bugs: MESOS-8332
>     https://issues.apache.org/jira/browse/MESOS-8332
> 
> 
> Repository: mesos
> 
> 
> Description
> -------
> 
> Since task sandboxes can contain private data, we should not
> make them accessible to others by default. This changes all the
> places that create a task sandbox directory to use a helper API
> `slave::paths::createSandboxPath` that consistently deals with
> setting the directory mode and ownership.
> 
> A number of tests depended on the previous behavior where
> failing to change the ownership was logged but did not cause
> a failure. Depending on the test, these were updated to either
> disable the agent `switch_user` flag, or to specify the current
> user in the task launch message.
> 
> 
> Diffs
> -----
> 
>   src/slave/containerizer/mesos/containerizer.cpp 7ab0b07f689f872573ca458ae47cd6426ebc0365 
>   src/slave/containerizer/mesos/paths.cpp 8a188a918873eef468a984b80f5ea7ebaa8fb923 
>   src/slave/http.cpp ed22b9f6bfa1c480a0672ce25d364bba6e33a200 
>   src/slave/paths.hpp 9cbacd8da62e7c7386dca7031fc09a46ae773161 
>   src/slave/paths.cpp fca2a0eec2a75ed76028ea54dc992502275d4bce 
>   src/tests/api_tests.cpp 86cbba4fab5e7a45298d17f3f2969391cc18be68 
>   src/tests/master_allocator_tests.cpp 9bca27c7612b9ac4813f794bcc9ed38aeed078e5 
>   src/tests/master_authorization_tests.cpp 676543a5ad1bb5d47011fc2a8b05dfaaeef18c64 
>   src/tests/slave_authorization_tests.cpp 4ba0b8e96614a2df0daec576c08fe02462ccaa27 
> 
> 
> Diff: https://reviews.apache.org/r/64630/diff/1/
> 
> 
> Testing
> -------
> 
> make check (Fedora 27)
> 
> 
> Thanks,
> 
> James Peach
> 
>

