mesos-reviews mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Qian Zhang <zhq527...@gmail.com>
Subject Review Request 69376: Fixed an issue about inheriting user for nested containers.
Date Sat, 17 Nov 2018 14:08:59 GMT

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/69376/
-----------------------------------------------------------

Review request for mesos and Gilbert Song.


Bugs: MESOS-9332
    https://issues.apache.org/jira/browse/MESOS-9332


Repository: mesos


Description
-------

Previously we inherited user from parent container for nested
containers in `MesosContainerizerProcess::_launch`, but that
is too late which will cause an issue that the nested container
is launched as a non-root user but its sandbox directory is
created with root as owner (suppose there is no user specified
in the nested container's `commandInfo` and the default executor
is launched as a non-root user), so the nested container will not
have the permission to write to its own sandbox.

In this patch, we inherit user for nested containers in an earlier
place (i.e., `MesosContainerizerProcess::launch`) to avoid the
above issue.


Diffs
-----

  src/slave/containerizer/mesos/containerizer.cpp 181a4da1d18b215348d183f104157d996f2da096



Diff: https://reviews.apache.org/r/69376/diff/1/


Testing
-------


Thanks,

Qian Zhang


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message