Given our default Aurora and Thermos setup where the executor is launched as `root`:

* In Mesos < 1.6:
  * `/var/lib/mesos/slaves/x/frameworks/y/executors/z/runs/latest/` is owned by `root`
  * permissions are `755`
* In Mesos >= 1.6:
  * `/var/lib/mesos/slaves/x/frameworks/y/executors/z/runs/latest/` is owned by `root`
  * permissions are now `750`

With this change, we now let Thermos change the owner of `/var/lib/mesos/slaves/x/frameworks/y/executors/z/runs/latest/` to `role` but leave the permissions unchanged. This matches the intent of Mesos that the sandbox should be read/writeable by the end-user processes and by nobody else.

I have verified that this works in 1.5 and 1.6 by running the end-to-end tests with both versions. I therefore think that this degrades gracefully as expected.

[ Full content available at: https://github.com/apache/aurora/pull/28 ]
This message was relayed via gitbox.apache.org for [email protected]
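
The effect of the owner change on both sandbox modes, as an added Python example that is not code from the pull request or from Thermos. The uid/gid values and function names are constructed, the group is assumed to stay `root`, and the access check is the plain owner/group/other rule for a non-root user (no ACLs or capabilities).

```python
import os
import stat

ROOT_UID, ROOT_GID = 0, 0
ROLE_UID, ROLE_GID = 1500, 1500    # constructed ids for the job role
OTHER_UID, OTHER_GID = 1600, 1600  # constructed ids for an unrelated local user


def access_for(mode, owner_uid, owner_gid, uid, gids):
    """Return the rwx string classic Unix DAC grants a non-root uid on a directory."""
    if uid == owner_uid:
        bits = (mode >> 6) & 7      # owner class
    elif owner_gid in gids:
        bits = (mode >> 3) & 7      # group class
    else:
        bits = mode & 7             # other class
    return "".join(c if bits & b else "-" for c, b in (("r", 4), ("w", 2), ("x", 1)))


def sandbox_matrix(mode):
    """Access to the sandbox for the role and for another user, before and after
    the owner changes from root to the role (mode bits untouched)."""
    return {
        "role_before": access_for(mode, ROOT_UID, ROOT_GID, ROLE_UID, {ROLE_GID}),
        "role_after": access_for(mode, ROLE_UID, ROOT_GID, ROLE_UID, {ROLE_GID}),
        "other_after": access_for(mode, ROLE_UID, ROOT_GID, OTHER_UID, {OTHER_GID}),
    }


def hand_over(path, uid):
    """Change only the owner of path; return the mode before and after to show
    that the permission bits are not modified by the chown."""
    before = stat.S_IMODE(os.stat(path).st_mode)
    os.chown(path, uid, -1)         # -1 leaves the group as it is
    after = stat.S_IMODE(os.stat(path).st_mode)
    return before, after


if __name__ == "__main__":
    for label, mode in (("Mesos < 1.6", 0o755), ("Mesos >= 1.6", 0o750)):
        print(label, oct(mode), sandbox_matrix(mode))
```

With `750` the role has no access to a `root`-owned sandbox until the owner changes, and other users stay locked out afterwards. With `755` the role gains write access and other users keep the read and traverse access they already had.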
