This is an automated email from the ASF dual-hosted git repository.

gilbert pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/mesos.git

commit 8c79ba6428ba8e3f059d68522ccf63e7b1738714
Author: Gilbert Song <[email protected]>
AuthorDate: Wed Aug 7 17:05:33 2019 -0700

    Supported chown docker volumes in the docker volume isolator.
    
    If the agent flag --docker_volume_chown is true, Mesos will chown
    the docker volume to the container user non-recursively.
    
    Review: https://reviews.apache.org/r/71248
---
 .../mesos/isolators/docker/volume/isolator.cpp          | 17 +++++++++++++++++
 .../mesos/isolators/docker/volume/isolator.hpp          |  1 +
 2 files changed, 18 insertions(+)

diff --git a/src/slave/containerizer/mesos/isolators/docker/volume/isolator.cpp 
b/src/slave/containerizer/mesos/isolators/docker/volume/isolator.cpp
index 40119d9..e4a19c4 100644
--- a/src/slave/containerizer/mesos/isolators/docker/volume/isolator.cpp
+++ b/src/slave/containerizer/mesos/isolators/docker/volume/isolator.cpp
@@ -541,6 +541,9 @@ Future<Option<ContainerLaunchInfo>> 
DockerVolumeIsolatorProcess::prepare(
         containerId,
         targets,
         volumeModes,
+        containerConfig.has_user()
+          ? containerConfig.user()
+          : Option<string>::none(),
         lambda::_1));
 }
 
@@ -549,6 +552,7 @@ Future<Option<ContainerLaunchInfo>> 
DockerVolumeIsolatorProcess::_prepare(
     const ContainerID& containerId,
     const vector<string>& targets,
     const vector<Volume::Mode>& volumeModes,
+    const Option<string>& user,
     const vector<Future<string>>& futures)
 {
   ContainerLaunchInfo launchInfo;
@@ -577,6 +581,19 @@ Future<Option<ContainerLaunchInfo>> 
DockerVolumeIsolatorProcess::_prepare(
     const string& target = targets[i];
     const Volume::Mode volumeMode = volumeModes[i];
 
+    if (flags.docker_volume_chown && user.isSome() && user.get() != "root") {
+      LOG(INFO) << "Changing the ownership of the docker volume at '"
+                << source << "' to user '" << user.get() << "' for container "
+                << containerId;
+
+      Try<Nothing> chown = os::chown(user.get(), source, false);
+      if (chown.isError()) {
+        return Failure(
+            "Failed to set '" + user.get() + "' as the docker volume '" +
+            source + "' owner: " + chown.error());
+      }
+    }
+
     LOG(INFO) << "Mounting docker volume mount point '" << source
               << "' to '" << target << "' for container " << containerId;
 
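Review bot: The `os::chown` call re-owns the volume's `source` path on every launch of a container that mounts it, so a named docker volume shared by containers running as different users ends up owned by whichever container was launched most recently, and that user takes ownership of the volume root while the earlier container is still using it. Nothing in the hunk checks whether the same volume is already mounted by another container (the isolator's per-container bookkeeping lives outside this hunk), and the commit message only records that the chown is non-recursive, not that it is repeated per launch. A comment above the `if` should make this visible to operators enabling the flag, e.g. `// NOTE: applied on every launch; a volume shared by containers with different users is re-owned by the latest launch.` `source` is whatever path the volume driver returned, and `os::chown` presumably follows a symlink there, so the ownership change would land on the link target — worth confirming how os::chown handles that before relying on the flag. `_prepare` begins and ends outside this hunk.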
diff --git a/src/slave/containerizer/mesos/isolators/docker/volume/isolator.hpp 
b/src/slave/containerizer/mesos/isolators/docker/volume/isolator.hpp
index 2fd0493..e6bbc8a 100644
--- a/src/slave/containerizer/mesos/isolators/docker/volume/isolator.hpp
+++ b/src/slave/containerizer/mesos/isolators/docker/volume/isolator.hpp
@@ -83,6 +83,7 @@ private:
       const ContainerID& containerId,
       const std::vector<std::string>& targets,
       const std::vector<Volume::Mode>& volumeModes,
+      const Option<std::string>& user,
       const std::vector<process::Future<std::string>>& futures);
 
   process::Future<Nothing> _cleanup(
