Fixed mesos containerizer to support docker image WORKDIR missing. Some docker image may have 'WORKDIR' set in its manifest but that 'WORKDIR' does not exist in the image rootfs (e.g., the workdir is removed in the following dockerfile).
>From the reference of dockerfile, "If the WORKDIR doesnât exist, it will be created even if itâs not used in any subsequent Dockerfile instruction". So we should create the working directory if it does not exist in the image's rootfs. Review: https://reviews.apache.org/r/61602 Project: http://git-wip-us.apache.org/repos/asf/mesos/repo Commit: http://git-wip-us.apache.org/repos/asf/mesos/commit/a203e357 Tree: http://git-wip-us.apache.org/repos/asf/mesos/tree/a203e357 Diff: http://git-wip-us.apache.org/repos/asf/mesos/diff/a203e357 Branch: refs/heads/1.2.x Commit: a203e357e569d114882df9e4b688aa80d9fda112 Parents: c39822e Author: Gilbert Song <songzihao1...@gmail.com> Authored: Fri Aug 11 17:52:18 2017 -0700 Committer: Gilbert Song <songzihao1...@gmail.com> Committed: Thu Aug 17 01:23:09 2017 -0700 ---------------------------------------------------------------------- src/slave/containerizer/mesos/launch.cpp | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/mesos/blob/a203e357/src/slave/containerizer/mesos/launch.cpp ---------------------------------------------------------------------- diff --git a/src/slave/containerizer/mesos/launch.cpp b/src/slave/containerizer/mesos/launch.cpp index a75b639..712701f 100644 --- a/src/slave/containerizer/mesos/launch.cpp +++ b/src/slave/containerizer/mesos/launch.cpp @@ -559,6 +559,29 @@ int MesosContainerizerLaunch::execute() #endif // __WINDOWS__ if (launchInfo.has_working_directory()) { + // If working directory does not exist (e.g., being removed from + // the container image), create an empty directory even it may + // not be used. Please note that this case can only be possible + // if an image has 'WORKDIR' specified in its manifest but that + // 'WORKDIR' does not exist in the image's rootfs. + // + // TODO(gilbert): Set the proper ownership to this working + // directory to make sure a specified non-root user has the + // permission to write to this working directory. Right now + // it is owned by root, and any non-root user will fail to + // write to this directory. Please note that this is identical + // to the semantic as docker daemon. The semantic can be + // verified by: + // 'docker run -ti -u nobody quay.io/spinnaker/front50:master bash' + // The ownership of '/workdir' is root. Creating any file under + // '/workdir' will fail for 'Permission denied'. + Try<Nothing> mkdir = os::mkdir(launchInfo.working_directory()); + if (mkdir.isError()) { + cerr << "Failed to create working directory " + << "'" << launchInfo.working_directory() << "': " + << mkdir.error() << endl; + } + Try<Nothing> chdir = os::chdir(launchInfo.working_directory()); if (chdir.isError()) { cerr << "Failed to chdir into current working directory "
