This is an automated email from the ASF dual-hosted git repository.
gilbert pushed a change to branch master
in repository https://gitbox.apache.org/repos/asf/mesos.git.
from 9665276 Prevented closing invalid file descriptors.
new 16a22b7 Added an agent flag `--volume_gid_range`.
new 221efd3 Added volume gid manager.
new 8603cef Made non-root containers can access PARENT type SANDBOX_PATH
volume.
new 408f281 Added `task_supplementary_groups` into `ContainerLaunchInfo`.
new a7c59bf Changed the definition of `uid_t` and `gid_t` to UNIT for
Windows.
new caf09d8 Added the flag `--task_supplementary_groups` to command
executor.
new 3b7670e Made non-root containers can access shared persistent volume.
new c03e51f Deallocated the shared persistent volume's gid when it is
removed.
new 16fd7e7 Implemented recovery for volume gid manager.
new 9c44b31 Added a test `ROOT_UNPRIVILEGED_USER_ParentTypeDifferentUser`.
new d040516 Added a test `ROOT_UNPRIVILEGED_USER_SharedPersistentVolume`.
new 114569f Added a test `UNPRIVILEGED_USER_SharedPersistentVolume`.
new cb70671 Added a test
`ROOT_UNPRIVILEGED_USER_TaskSandboxSharedPersistentVolume`.
new 1003935 Added a test
`ROOT_UNPRIVILEGED_USER_TaskSandboxLocalPersistentVolume`.
new 0d76597 Added tests for volume gid manager.
new 3944124 Reverted "Added `libacl` into a few Dockerfiles.".
The 16 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "add" were already present in the repository and have only
been added to this reference.
Summary of changes:
3rdparty/stout/include/stout/windows.hpp | 4 +-
docs/configuration/agent.md | 13 +
include/mesos/slave/containerizer.proto | 7 +
src/CMakeLists.txt | 4 +-
src/Makefile.am | 11 +-
src/launcher/executor.cpp | 21 +-
src/local/local.cpp | 9 +
src/slave/containerizer/containerizer.cpp | 5 +-
src/slave/containerizer/containerizer.hpp | 5 +-
src/slave/containerizer/mesos/containerizer.cpp | 145 ++++--
src/slave/containerizer/mesos/containerizer.hpp | 9 +-
.../mesos/isolators/filesystem/linux.cpp | 146 ++++--
.../mesos/isolators/filesystem/linux.hpp | 12 +-
.../mesos/isolators/filesystem/posix.cpp | 157 ++++--
.../mesos/isolators/filesystem/posix.hpp | 13 +-
.../mesos/isolators/filesystem/windows.cpp | 11 +-
.../mesos/isolators/filesystem/windows.hpp | 11 +-
.../mesos/isolators/volume/sandbox_path.cpp | 67 ++-
.../mesos/isolators/volume/sandbox_path.hpp | 14 +-
src/slave/containerizer/mesos/launch.cpp | 4 +
src/slave/flags.cpp | 9 +
src/slave/flags.hpp | 1 +
src/slave/main.cpp | 28 +-
src/slave/paths.cpp | 7 +
src/slave/paths.hpp | 71 +--
src/slave/slave.cpp | 40 +-
src/slave/slave.hpp | 10 +
.../volume_gid_manager}/state.hpp | 9 +-
.../volume => volume_gid_manager}/state.proto | 22 +-
.../volume_gid_manager/volume_gid_manager.cpp | 519 +++++++++++++++++++
.../volume_gid_manager.hpp} | 49 +-
src/tests/CMakeLists.txt | 1 +
src/tests/cluster.cpp | 28 +-
.../linux_filesystem_isolator_tests.cpp | 101 ++++
.../containerizer/volume_gid_manager_tests.cpp | 563 +++++++++++++++++++++
.../volume_sandbox_path_isolator_tests.cpp | 128 +++++
src/tests/default_executor_tests.cpp | 283 +++++++++++
src/tests/mock_slave.cpp | 3 +
src/tests/mock_slave.hpp | 1 +
src/tests/persistent_volume_tests.cpp | 115 +++++
support/mesos-build/centos-7.dockerfile | 1 -
support/mesos-build/ubuntu-16.04-arm.dockerfile | 1 -
support/mesos-build/ubuntu-16.04.dockerfile | 1 -
support/mesos-tidy/Dockerfile | 1 -
support/packaging/centos/mesos.spec | 1 -
45 files changed, 2439 insertions(+), 222 deletions(-)
copy src/{resource_provider => slave/volume_gid_manager}/state.hpp (82%)
copy src/slave/{containerizer/mesos/isolators/docker/volume =>
volume_gid_manager}/state.proto (71%)
create mode 100644 src/slave/volume_gid_manager/volume_gid_manager.cpp
copy src/slave/{containerizer/mesos/isolators/volume/secret.hpp =>
volume_gid_manager/volume_gid_manager.hpp} (56%)
create mode 100644 src/tests/containerizer/volume_gid_manager_tests.cpp
