This is an automated email from the ASF dual-hosted git repository. gilbert pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/mesos.git
commit 8c79ba6428ba8e3f059d68522ccf63e7b1738714
Author: Gilbert Song <[email protected]>
AuthorDate: Wed Aug 7 17:05:33 2019 -0700
Supported chown docker volumes in the docker volume isolator.
If the agent flag --docker_volume_chown is true, Mesos will chown the docker volume to the container user non-recursively.
Review: https://reviews.apache.org/r/71248
---
 .../mesos/isolators/docker/volume/isolator.cpp | 17 +++++++++++++++++
 .../mesos/isolators/docker/volume/isolator.hpp | 1 +
 2 files changed, 18 insertions(+)
diff --git a/src/slave/containerizer/mesos/isolators/docker/volume/isolator.cpp b/src/slave/containerizer/mesos/isolators/docker/volume/isolator.cpp
index 40119d9..e4a19c4 100644
--- a/src/slave/containerizer/mesos/isolators/docker/volume/isolator.cpp
+++ b/src/slave/containerizer/mesos/isolators/docker/volume/isolator.cpp
@@ -541,6 +541,9 @@ Future<Option<ContainerLaunchInfo>> DockerVolumeIsolatorProcess::prepare(
 containerId,
 targets,
 volumeModes,
+ containerConfig.has_user()
+ ? containerConfig.user()
+ : Option<string>::none(),
 lambda::_1));
 }
@@ -549,6 +552,7 @@ Future<Option<ContainerLaunchInfo>> DockerVolumeIsolatorProcess::_prepare(
 const ContainerID& containerId,
 const vector<string>& targets,
 const vector<Volume::Mode>& volumeModes,
+ const Option<string>& user,
 const vector<Future<string>>& futures)
 {
 ContainerLaunchInfo launchInfo;
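Review bot: Nothing at this call in `prepare` says which account database the `user` name is resolved against. The value is the name from `containerConfig.user()`, and the later hunk in `_prepare` hands it straight to `os::chown` on the agent, so it is presumably looked up on the agent host rather than in the container image. If the image maps that name to a different uid, the volume ends up owned by an unrelated host account; a comment here such as `// NOTE: 'user' is resolved to a uid on the agent host, not inside the container image.` would make that explicit. The call this argument belongs to starts outside the hunk.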
@@ -577,6 +581,19 @@ Future<Option<ContainerLaunchInfo>> DockerVolumeIsolatorProcess::_prepare(
 const string& target = targets[i];
 const Volume::Mode volumeMode = volumeModes[i];
+ if (flags.docker_volume_chown && user.isSome() && user.get() != "root") {
+ LOG(INFO) << "Changing the ownership of the docker volume at '"
+ << source << "' to user '" << user.get() << "' for container "
+ << containerId;
+
+ Try<Nothing> chown = os::chown(user.get(), source, false);
+ if (chown.isError()) {
+ return Failure(
+ "Failed to set '" + user.get() + "' as the docker volume '" +
+ source + "' owner: " + chown.error());
+ }
+ }
+
 LOG(INFO) << "Mounting docker volume mount point '" << source
 << "' to '" << target << "' for container " << containerId;
diff --git a/src/slave/containerizer/mesos/isolators/docker/volume/isolator.hpp b/src/slave/containerizer/mesos/isolators/docker/volume/isolator.hpp
index 2fd0493..e6bbc8a 100644
--- a/src/slave/containerizer/mesos/isolators/docker/volume/isolator.hpp
+++ b/src/slave/containerizer/mesos/isolators/docker/volume/isolator.hpp
@@ -83,6 +83,7 @@ private:
 const ContainerID& containerId,
 const std::vector<std::string>& targets,
 const std::vector<Volume::Mode>& volumeModes,
+ const Option<std::string>& user,
 const std::vector<process::Future<std::string>>& futures);
 process::Future<Nothing> _cleanup(
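Review bot: The chown on `source` in `_prepare` runs for every non-root container regardless of `volumeMode`, and without any visible check that another container is already using the same docker volume. A named docker volume can be mounted by several tasks, so a later task running as a different user silently takes ownership of the host-side mount point from the earlier one, and nothing in this hunk restores it on cleanup. Consider at least skipping read-only mounts, e.g. `if (flags.docker_volume_chown && volumeMode == Volume::RW && user.isSome() && user.get() != "root") {`, and logging the ownership change at WARNING so it shows up in agent logs. Whether the isolator's bookkeeping can tell that a volume is already mounted elsewhere is not visible here, as the enclosing loop and function start and end outside the hunk.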
