[
https://issues.apache.org/jira/browse/MESOS-719?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Ken Simon updated MESOS-719:
----------------------------
Attachment: MESOS-719-0.20.1.patch
Attached is a patch I've been using that fixes this. It calls initgroups after
calling setgid so that the auxiliary groups for the su'd user are set.
This is important for docker support because it lets you add your mesos user to
the docker group so it can talk to docker through /var/run/docker.sock (which
is owned by a docker group by default in most installations.) Without
initgroups, the mesos user only has its primary GID set.
> missing-call-to-setgroups
> -------------------------
>
> Key: MESOS-719
> URL: https://issues.apache.org/jira/browse/MESOS-719
> Project: Mesos
> Issue Type: Bug
> Components: general
> Affects Versions: 0.15.0
> Reporter: Timothy St. Clair
> Labels: newbie
> Attachments: MESOS-719-0.20.1.patch
>
>
> This traces into stout/os.hpp
> in vetting the code as part of fedora packaging, rpmlint outputs an error
> around priv-changing .
> mesos.x86_64: E: missing-call-to-setgroups /usr/lib64/libmesos-0.15.0.so.0.0.0
> https://www.securecoding.cert.org/confluence/display/seccode/POS36-C.+Observe+correct+revocation+order+while+relinquishing+privileges
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
