[
https://issues.apache.org/jira/browse/MESOS-3083?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Artem Harutyunyan updated MESOS-3083:
-------------------------------------
Story Points: 5
> Doing 'clone' on Linux with the CLONE_NEWUSER namespace type can drop root
> privileges.
> --------------------------------------------------------------------------------------
>
> Key: MESOS-3083
> URL: https://issues.apache.org/jira/browse/MESOS-3083
> Project: Mesos
> Issue Type: Bug
> Components: containerization
> Environment: Ubuntu 14.04 (virtual machine)
> Reporter: Benjamin Hindman
> Labels: mesosphere
>
> The namespace tests attempt to clone a process with all namespaces that are
> available from the kernel which includes the 'user' namespace in Ubuntu 14.04
> which causes the child process to be user 'nobody' instead of user 'root'
> after invoking 'clone' which is bad because the test requires that the child
> process is 'root' and so things fail (because of insufficient permissions).
> For now, we explicitly ignore the 'user' namespace in the tests, but this
> issue is to track exactly how we might want to manage this going forward.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
