mesos-reviews mailing list archives

From Qian Zhang <zhq527...@gmail.com>
Subject Re: Review Request 69345: Made non-root containers can access PARENT type SANDBOX_PATH volume.
Date Mon, 07 Jan 2019 00:30:02 GMT

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/69345/
-----------------------------------------------------------

(Updated Jan. 7, 2019, 8:30 a.m.)


Review request for mesos, Andrei Budnik, Gilbert Song, Greg Mann, Ilya Pronin, and Jie Yu.


Changes
-------

Minor changes.


Summary (updated)
-----------------

Made non-root containers can access PARENT type SANDBOX_PATH volume.


Bugs: MESOS-8810
    https://issues.apache.org/jira/browse/MESOS-8810


Repository: mesos


Description (updated)
-------

If a nested container running as a non-root user tries to use a PARENT
type SANDBOX_PATH volume, we will make sure the volume is owned by a unique
gid allocated by the volume gid manager and the container process is
launched with that gid as its supplementary group.


Diffs (updated)
-----

  include/mesos/slave/containerizer.proto 5b4dcdda0f55ea3355c78d1447c7be9ca54d9dc9 
  src/local/local.cpp 608706811486e59b9472c026876d1d84cbccc279 
  src/slave/containerizer/containerizer.hpp 66f73a306deffc51503479420531ea1948c574e1 
  src/slave/containerizer/containerizer.cpp c6b5e64a72d16b871dcbfc17c05566affea6bd44 
  src/slave/containerizer/mesos/containerizer.hpp 3102b8755c1fa3b205081d0198c6021c02d15ec6
  src/slave/containerizer/mesos/containerizer.cpp a5cf2da55c046c5c45e0c2ca3400f64de12de62b
  src/slave/containerizer/mesos/isolators/volume/sandbox_path.hpp 1631160236379f84c6e1ed1be1370b5f2f2fd563
  src/slave/containerizer/mesos/isolators/volume/sandbox_path.cpp ecd467c5a33c2f41396bc72ddd7cb806bb8adc52
  src/slave/containerizer/mesos/launch.cpp 2f1c9e7a8748c9d7eab25bc8567ca68308e680f9 
  src/slave/main.cpp d1ce45455f2867cb71378da122fbd598aca4546d 
  src/slave/slave.hpp 2eadf5fce9a314f1ec0ac5d51820c6381f5f1468 
  src/slave/slave.cpp ad3b693a716cf6103345a157bf28dd60a7b07d32 
  src/tests/cluster.cpp 4ad7c0b5326213034971e85e9cb4631db14c6625 
  src/tests/mock_slave.hpp 3c0d602a981d76dcf10f9e413851e606d835e113 
  src/tests/mock_slave.cpp a78ca9c7911bb7928a93be6867abe62e8cd20712 


Diff: https://reviews.apache.org/r/69345/diff/5/

Changes: https://reviews.apache.org/r/69345/diff/4-5/


Testing
-------


Thanks,

Qian Zhang

