mesos-reviews mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Qian Zhang <>
Subject Review Request 69376: Fixed an issue about inheriting user for nested containers.
Date Sat, 17 Nov 2018 14:08:59 GMT

This is an automatically generated e-mail. To reply, visit:

Review request for mesos and Gilbert Song.

Bugs: MESOS-9332

Repository: mesos


Previously we inherited user from parent container for nested
containers in `MesosContainerizerProcess::_launch`, but that
is too late which will cause an issue that the nested container
is launched as a non-root user but its sandbox directory is
created with root as owner (suppose there is no user specified
in the nested container's `commandInfo` and the default executor
is launched as a non-root user), so the nested container will not
have the permission to write to its own sandbox.

In this patch, we inherit user for nested containers in an earlier
place (i.e., `MesosContainerizerProcess::launch`) to avoid the
above issue.


  src/slave/containerizer/mesos/containerizer.cpp 181a4da1d18b215348d183f104157d996f2da096




Qian Zhang

  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message