mesos-reviews mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Qian Zhang <zhq527...@gmail.com>
Subject Re: Review Request 69345: Made non-root containers can access SANDBOX volume of PARENT type.
Date Thu, 15 Nov 2018 13:55:50 GMT

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/69345/
-----------------------------------------------------------

(Updated Nov. 15, 2018, 9:55 p.m.)


Review request for mesos, Gilbert Song, Greg Mann, Ilya Pronin, and Jie Yu.


Repository: mesos


Description
-------

If a nested container running as a non-root user tries to use a
SANDBOX volume of PARENT type, we will make sure the volume owned
by a unique gid allocated by the volume gid manager and the container
process launched with that gid as its supplementary group.


Diffs (updated)
-----

  include/mesos/slave/containerizer.proto 5b4dcdda0f55ea3355c78d1447c7be9ca54d9dc9 
  src/local/local.cpp 608706811486e59b9472c026876d1d84cbccc279 
  src/slave/containerizer/containerizer.hpp 66f73a306deffc51503479420531ea1948c574e1 
  src/slave/containerizer/containerizer.cpp c6b5e64a72d16b871dcbfc17c05566affea6bd44 
  src/slave/containerizer/mesos/containerizer.hpp 3102b8755c1fa3b205081d0198c6021c02d15ec6

  src/slave/containerizer/mesos/containerizer.cpp 181a4da1d18b215348d183f104157d996f2da096

  src/slave/containerizer/mesos/isolators/volume/sandbox_path.hpp 1631160236379f84c6e1ed1be1370b5f2f2fd563

  src/slave/containerizer/mesos/isolators/volume/sandbox_path.cpp 300b3d95d74b73fbe0221096f3f3f172be745081

  src/slave/containerizer/mesos/launch.cpp 882bcdf89e2b0cca3d3f62e6d017849a51ceaead 
  src/slave/main.cpp e774092ff2c3941f17cdebfb26d80c05a26497c6 
  src/slave/slave.hpp 0bd340176e2a8cefdfa7ef71e059441fb171aff6 
  src/slave/slave.cpp 74f6fb9036a9ac4f587f53ec2df04eeb4c167bfb 
  src/tests/cluster.cpp 2b351ca70d8e80008e49722aa7d46918b5ecd9b0 
  src/tests/mock_slave.hpp 3c0d602a981d76dcf10f9e413851e606d835e113 
  src/tests/mock_slave.cpp a78ca9c7911bb7928a93be6867abe62e8cd20712 


Diff: https://reviews.apache.org/r/69345/diff/2/

Changes: https://reviews.apache.org/r/69345/diff/1-2/


Testing
-------


Thanks,

Qian Zhang


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message