mesos-reviews mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Gilbert Song <>
Subject Re: Review Request 61122: Fixed the sandbox volume relative host path ownership.
Date Fri, 28 Jul 2017 01:44:47 GMT

This is an automatically generated e-mail. To reply, visit:

(Updated July 27, 2017, 6:44 p.m.)

Review request for mesos, Ilya Pronin, Jie Yu, James Peach, Stephan Erb, Vinod Kone, and Jiang
Yan Xu.

Summary (updated)

Fixed the sandbox volume relative host path ownership.

Bugs: MESOS-5187

Repository: mesos

Description (updated)

This bugfix addresses the issue from MESOS-5178. Basically, the
sandbox volume ownership was not set correctly. This issue can be
exposed if a framework user is non-root while the agent
process runs as root. Then, the non-root user does not have
permissions to write to this volume.

The correct solution should be giving permissions to corresponding
users by leveraging supplementary groups. But we can still
introduce a workaround in this patch by changing the ownership
of this sandbox volume to its sandbox's ownership.

Diffs (updated)

  src/slave/containerizer/mesos/isolators/filesystem/linux.cpp bf35b7f00d6e80672ffc27cfc3f3a2fd8de69a99




make check


Gilbert Song

  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message