Sounds good to me. If I understand correctly, you want to treat this is a bug and backport it to previous release branches? So, you are also asking whether backporting this bug will be considered a breaking change for any existing users?
On Thu, Oct 25, 2018 at 11:46 AM James Peach <jpe...@apache.org> wrote: > > > On Oct 23, 2018, at 7:47 PM, Qian Zhang <zhq527...@gmail.com> wrote: > > Hi all, > > Currently when launching a debug container (e.g., via `dcos task exec` or > command health check) to debug a task, by default Mesos agent will use the > executor's user as the debug container's user. There are actually 2 cases: > 1. Command task: Since the command executor's user is same with command > task's user, so the debug container will be launched as the same user of > the command task. > 2. The task in a task group: The default executor's user is same with the > framework user, so in this case the debug container will be launched as the > same user of the framework rather than the task. > > Basically I think the behavior of case 1 is correct. For case 2, we may > run into a situation that the task is run as a user (e.g., root), but the > debug container used to debug that task is run as another user (e.g., a > normal user, suppose framework is run as a normal user), this may not be > what user expects. > > So I created MESOS-9332 <https://issues.apache.org/jira/browse/MESOS-9332> and > propose to run debug container as the same user of its parent container > (i.e., the task to be debugged) by default. Please let me know if you have > any comments, thanks! > > > This sounds like a sensible default to me. I can imagine for debug use > cases you might want to run the debug container as root or give it elevated > capabilities, but that should not be the default. > > J >