mesos-reviews mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jie Yu <yujie....@gmail.com>
Subject Re: Review Request 57402: Fixed command task with container image 'root' user issue.
Date Thu, 09 Mar 2017 20:41:16 GMT

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/57402/#review168510
-----------------------------------------------------------


Ship it!




Ship It!

- Jie Yu


On March 8, 2017, 1:27 a.m., Gilbert Song wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/57402/
> -----------------------------------------------------------
> 
> (Updated March 8, 2017, 1:27 a.m.)
> 
> 
> Review request for mesos, Adam B, Avinash sridharan, Jie Yu, and Timothy Chen.
> 
> 
> Bugs: MESOS-7208
>     https://issues.apache.org/jira/browse/MESOS-7208
> 
> 
> Repository: mesos
> 
> 
> Description
> -------
> 
> This issue is command task with container image provided specific.
> We used to set user as 'root' explicitly for command task with
> container image. However, this would break operators who set 'user'
> for FrameworkInfo/CommandInfo to any user other than 'root' because
> the task cannot access all other contents owned by 'root', e.g.,
> persistent volumes, stdout/stderr or any other directories/files
> written by modules.
> 
> Instead of relying on each isolator/module to explicitly chown,
> Mesos should set user to 'root' right before launching the command
> executor, because the root privilege is only necessary for 'chroot'
> in command executor launch, which should not impact on other
> components.
> 
> 
> Diffs
> -----
> 
>   src/slave/containerizer/mesos/containerizer.cpp d2b4f75a55dbe4746bc2dfc180335fa831a554ef

>   src/slave/slave.cpp 892ce1938ac695e7913aa9139536d0787f3f5ea7 
> 
> 
> Diff: https://reviews.apache.org/r/57402/diff/1/
> 
> 
> Testing
> -------
> 
> make check
> 
> 
> Thanks,
> 
> Gilbert Song
> 
>


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message