[
https://issues.apache.org/jira/browse/AURORA-1909?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15940062#comment-15940062
]
Stephan Erb commented on AURORA-1909:
-------------------------------------
Regardless of the bug itself, I am wondering why you are using the
{{nosetuid_health_checks}} option. It sounds like a very severe security risk
to me if you allow arbitrary users to run their health checks as root. This
might be acceptable in the DockerContainerizer which (as far as I know) uses
user namespaces, but this is not the case for the MesosContainerizer.
> Thermos Health Check fails for MesosContainerizer if
> `--nosetuid-health-checks` is set
> --------------------------------------------------------------------------------------
>
> Key: AURORA-1909
> URL: https://issues.apache.org/jira/browse/AURORA-1909
> Project: Aurora
> Issue Type: Bug
> Components: Executor
> Reporter: Charles Raimbert
> Assignee: Charles Raimbert
> Labels: easyfix
>
> With MesosContainerizer, the sandbox is of type FileSystemImageSandbox and
> the health check is performed using a "mesos-containerizer launch" process,
> but there is actually a code bug in the way of getting the user under which
> to run the health check process:
> https://github.com/apache/aurora/blob/master/src/main/python/apache/aurora/executor/common/health_checker.py#L370
> {code}
> health_check_user = (os.getusername() if self._nosetuid_health_checks
> else assigned_task.task.job.role)
> {code}
> If the Aurora scheduler is configured with `--nosetuid-health-checks` then
> "os.getusername()" is executed, but the python "os" module does not present a
> "getusername()" function.
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
