mesos-reviews mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Qian Zhang <>
Subject Re: Review Request 70514: Made nested contaienr can access its sandbox via `MESOS_SANDBOX`.
Date Fri, 26 Apr 2019 07:10:59 GMT

This is an automatically generated e-mail. To reply, visit:

(Updated April 26, 2019, 3:10 p.m.)

Review request for mesos, Andrei Budnik, Gilbert Song, and James Peach.


Addressed review comments.

Bugs: MESOS-9536

Repository: mesos

Description (updated)

Previously in MESOS-8332 we narrowed task sandbox permissions from 0755
to 0750 which will cause nested container may not has permission to
access its sandbox via the environment variable `MESOS_SANDBOX`. Now in
this patch, for nested container which does not have its own rootfs, we
bind mount its sandbox to the directory specified via the agent flag
`--sandbox_directory` and set `MESOS_SANDBOX` to `--sandbox_directory`
as well, in this way such nested container will have the permission
to access its sandbox via `MESOS_SANDBOX`.

Diffs (updated)

  src/slave/containerizer/mesos/containerizer.cpp 043244841a73fa3f5f7119bc38f6d3a04be8990b

  src/slave/containerizer/mesos/isolators/filesystem/linux.cpp 725754f26855ea54ccf8cbcb288ee3b29e8ed4e7





Qian Zhang

  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message