Benjamin Hindman created MESOS-3083:
---------------------------------------
Summary: Doing 'clone' on Linux with the CLONE_NEWUSER namespace type can drop root privileges.
Key: MESOS-3083
URL: https://issues.apache.org/jira/browse/MESOS-3083
Project: Mesos
Issue Type: Bug
Components: containerization
Environment: Ubuntu 14.04 (virtual machine)
Reporter: Benjamin Hindman
The namespace tests attempt to clone a process with all namespaces that are
available from the kernel, which includes the 'user' namespace in Ubuntu 14.04.
This causes the child process to be user 'nobody' instead of user 'root' after
invoking 'clone', which is bad because the test requires that the child process
is 'root', and so things fail (because of insufficient permissions). For now, we
explicitly ignore the 'user' namespace in the tests, but this issue is to track
exactly how we might want to manage this going forward.
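The behaviour in this report can be reproduced outside Mesos. The C program below is an added example, not code from the Mesos tests or from the reporter: it clones a child with CLONE_NEWUSER and returns the uid the child sees, first with no uid mapping and then after the child writes a one-line `/proc/self/uid_map`. The function names are hypothetical, Linux with kernel headers is assumed, and the `uid_map` step is documented kernel behaviour (user_namespaces(7)), not the resolution chosen for this issue.

```c
#define _GNU_SOURCE        /* added example; helper names are hypothetical */
#include <linux/sched.h>   /* CLONE_NEWUSER */
#include <signal.h>
#include <stdio.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>

/* Uid the kernel reports for unmapped uids (default 65534, 'nobody'). */
long overflow_uid(void) {
    long v = 65534;
    FILE *f = fopen("/proc/sys/kernel/overflowuid", "r");
    if (f) { if (fscanf(f, "%ld", &v) != 1) v = 65534; fclose(f); }
    return v;
}

/* Child side: optionally map uid 0 to the creator's outer uid; -1 if refused. */
static long child_uid(int write_map, unsigned outer_uid) {
    if (write_map) {
        FILE *f = fopen("/proc/self/uid_map", "w");
        if (!f) return -1;
        int ok = fprintf(f, "0 %u 1\n", outer_uid) > 0;
        if (fclose(f) != 0 || !ok) return -1;   /* kernel rejected the map */
    }
    return (long)getuid();
}

/* Uid seen by a child cloned with CLONE_NEWUSER, or -1 if not permitted. */
long uid_in_new_userns(int write_map) {
    int fds[2];
    long uid = -1;
    unsigned outer = (unsigned)geteuid();   /* read before entering the ns */
    if (pipe(fds) != 0) return -1;
    long pid = syscall(SYS_clone, (long)(CLONE_NEWUSER | SIGCHLD), 0L, 0L, 0L, 0L);
    if (pid == 0) {                         /* child: raw clone acts like fork */
        uid = child_uid(write_map, outer);
        _exit(write(fds[1], &uid, sizeof uid) == (ssize_t)sizeof uid ? 0 : 1);
    }
    close(fds[1]);
    if (pid > 0 && read(fds[0], &uid, sizeof uid) != (ssize_t)sizeof uid) uid = -1;
    if (pid > 0) waitpid((pid_t)pid, NULL, 0);
    close(fds[0]);
    return uid;
}

int main(void) {
    printf("overflow %ld, unmapped child %ld, mapped child %ld\n",
           overflow_uid(), uid_in_new_userns(0), uid_in_new_userns(1));
    return 0;
}
```

On a host that permits user namespaces, the unmapped child reports the overflow uid and the mapped child reports 0; a test harness that needs a 'root' child can assert on this value before running privileged steps.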