Subject: Re: Review Request 69345: Made non-root containers can access PARENT type SANDBOX_PATH volume.
From: Qian Zhang
To: Jie Yu, Andrei Budnik, Greg Mann, Ilya Pronin
Cc: Mesos Reviewbot Windows, Qian Zhang, mesos
Date: Tue, 29 Jan 2019 07:34:46 -0000
Message-ID: <20190129073446.64366.35985@reviews-vm2.apache.org>
In-Reply-To: <20190107003002.47083.21246@reviews-vm2.apache.org>

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/69345/
-----------------------------------------------------------

(Updated Jan. 29, 2019, 3:34 p.m.)


Review request for mesos, Andrei Budnik, Gilbert Song, Greg Mann, Ilya Pronin, and Jie Yu.


Changes
-------

Rebased.


Bugs: MESOS-8810
    https://issues.apache.org/jira/browse/MESOS-8810


Repository: mesos


Description
-------

If a nested container running as a non-root user tries to use a PARENT type SANDBOX_PATH volume, we will make sure the volume is owned by a unique gid allocated by the volume gid manager and the container process is launched with that gid as its supplementary group.


Diffs (updated)
-----

  include/mesos/slave/containerizer.proto 7d16463fcce3df14d256f5a4f2deb42c482d0734
  src/local/local.cpp 608706811486e59b9472c026876d1d84cbccc279
  src/slave/containerizer/containerizer.hpp 66f73a306deffc51503479420531ea1948c574e1
  src/slave/containerizer/containerizer.cpp c6b5e64a72d16b871dcbfc17c05566affea6bd44
  src/slave/containerizer/mesos/containerizer.hpp 3102b8755c1fa3b205081d0198c6021c02d15ec6
  src/slave/containerizer/mesos/containerizer.cpp 35f51ad33da53b3e6a8eec275fbf3e77782b0fba
  src/slave/containerizer/mesos/isolators/volume/sandbox_path.hpp 1631160236379f84c6e1ed1be1370b5f2f2fd563
  src/slave/containerizer/mesos/isolators/volume/sandbox_path.cpp ecd467c5a33c2f41396bc72ddd7cb806bb8adc52
  src/slave/containerizer/mesos/launch.cpp 7f401cdf481123b8c6cc500ac02bb7daf2613d2c
  src/slave/main.cpp d1ce45455f2867cb71378da122fbd598aca4546d
  src/slave/slave.hpp 2bcd7a93a8f25b77c71c7f931bfaac87649f987c
  src/slave/slave.cpp ed92f672f5155d70a36ba3619bb6f06fa09bc836
  src/tests/cluster.cpp 61489840fb1491ab56fd9edd5bcbb1c1dca2c0d2
  src/tests/mock_slave.hpp 3c0d602a981d76dcf10f9e413851e606d835e113
  src/tests/mock_slave.cpp a78ca9c7911bb7928a93be6867abe62e8cd20712


Diff: https://reviews.apache.org/r/69345/diff/6/

Changes: https://reviews.apache.org/r/69345/diff/5-6/


Testing
-------


Thanks,

Qian Zhang
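
The access model the description relies on, as an added example that is not part of this review request or of the Mesos code base: a simplified POSIX permission check showing why a non-root process needs the volume's gid as a supplementary group, and why a gid unique to the volume keeps other non-root containers out. The struct and function names, the uids and gids, and the 0770 directory mode are assumptions made for the illustration.

```cpp
#include <sys/types.h>
#include <algorithm>
#include <cstdio>
#include <vector>

// Credentials a container process is launched with.
struct Creds { uid_t uid; gid_t gid; std::vector<gid_t> supplementary; };

// Ownership and mode bits of the shared volume directory.
struct Volume { uid_t owner; gid_t group; mode_t mode; };

// Simplified POSIX discretionary check: exactly one permission class
// (owner, group, other) applies, selected in that order. uid 0 is treated
// as allowed; capabilities, ACLs and LSMs are not modelled.
bool mayAccess(const Creds& c, const Volume& v, mode_t want) {
  if (c.uid == 0) return true;
  mode_t granted;
  if (c.uid == v.owner) {
    granted = (v.mode >> 6) & 07;
  } else if (c.gid == v.group ||
             std::find(c.supplementary.begin(), c.supplementary.end(),
                       v.group) != c.supplementary.end()) {
    granted = (v.mode >> 3) & 07;
  } else {
    granted = v.mode & 07;
  }
  return (granted & want) == want;
}

// Constructed sample values: a gid allocated for one volume, and a volume
// directory owned by root:<that gid> with mode 0770 (assumed mode).
const gid_t kVolumeGid = 20001;
const Volume kVolume{0, kVolumeGid, 0770};

// Non-root nested container launched without the volume gid.
bool withoutGid() { return mayAccess(Creds{1000, 1000, {}}, kVolume, 07); }

// Same container launched with the volume gid as a supplementary group.
bool withGid() { return mayAccess(Creds{1000, 1000, {kVolumeGid}}, kVolume, 07); }

// A different non-root container holding a gid allocated for another volume.
bool otherContainer() { return mayAccess(Creds{1001, 1001, {20002}}, kVolume, 07); }

int main() {
  std::printf("without gid: %d, with gid: %d, other container: %d\n",
              withoutGid(), withGid(), otherContainer());
  return 0;
}
```

Because only one class applies, a process whose uid owns the directory is judged by the owner bits even when it also holds the group, so group membership alone does not rescue a directory whose owner bits are cleared.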