mesos-reviews mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Till Toenshoff <toensh...@me.com>
Subject Re: Review Request 59898: Fixed Docker containerizer stdout/stderr ownership.
Date Tue, 13 Jun 2017 01:40:49 GMT


> On June 8, 2017, 4:10 p.m., Kapil Arya wrote:
> > src/slave/containerizer/docker.cpp
> > Line 423 (original), 423 (patched)
> > <https://reviews.apache.org/r/59898/diff/1/?file=1744125#file1744125line423>
> >
> >     I'm wondering if we should add a comment that explains what happens if we pass
`None()` in there. E.g., if no user is specified, the files are owned by root (?) or something
similar.

Tough question actually ...

So the `Fetcher::fetch` interface describes things as follows:
```
  // Download the URIs specified in the command info and place the
  // resulting files into the given sandbox directory. Chmod said files
  // to the user if given. Send stdout and stderr output to files
  // "stdout" and "stderr" in the given directory. Extract archives and/or
  // use the cache if so instructed by the given CommandInfo::URI items.
```

This is a bit unclear in fact. Truth is, there are two paths into explicit ownership;
- the `user` supplied explicitly to `fetch` which comes from `ContainerConfig.user` which
in turn comes from the `FrameworkInfo.user`
- `CommandInfo`s `user` which may be explicitly supplied with the command

The "stdout/stderr" ownership priorities are;
1: CommandInfo user
2: FrameworkInfo user
3: agent owner -> fetcher owner

We should indeed follow-up and explain that somewhere in detail -- but where would be a good
place for that?


- Till


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/59898/#review177317
-----------------------------------------------------------


On June 7, 2017, 11:11 p.m., Till Toenshoff wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/59898/
> -----------------------------------------------------------
> 
> (Updated June 7, 2017, 11:11 p.m.)
> 
> 
> Review request for mesos, Adam B, Kapil Arya, and Joseph Wu.
> 
> 
> Bugs: MESOS-7640
>     https://issues.apache.org/jira/browse/MESOS-7640
> 
> 
> Repository: mesos
> 
> 
> Description
> -------
> 
> Without this patch, the Docker containerizer would not inherit the
> ownership of stdout/stderr from the FrameworkInfo user. This issue
> got introduced recently in the refactorings of the Docker
> containerizer.
> 
> 
> Diffs
> -----
> 
>   src/slave/containerizer/docker.cpp 9f84109d7de22a39ace6e44e0c7d8d501bcb24de 
> 
> 
> Diff: https://reviews.apache.org/r/59898/diff/2/
> 
> 
> Testing
> -------
> 
> make check && functional test
> 
> 
> Thanks,
> 
> Till Toenshoff
> 
>


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message