[ https://issues.apache.org/jira/browse/MESOS-6391?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15576956#comment-15576956 ]

Jie Yu commented on MESOS-6391:
-------------------------------

commit 6a47d0da23a45521e9fea5ff8f9d31d041a28bcb
Author: Jie Yu <yujie....@gmail.com>
Date:   Thu Oct 13 20:28:08 2016 -0700

    Fixed the sandbox owner for command tasks.
    
    If the task has a rootfs, the command executor will be run under root
    because it needs to perform pivot_root. Prior to this patch, if the
    task wants to run under an unprivileged user, the sandbox of that task
    will not be writable because it's owned by root.
    
    This patch fixed the issue (MESOS-6391). The command executor now
    changes the owner (non-recursively) of the sandbox to match that of
    the task when rootfs is specified for the task.
    
    Review: https://reviews.apache.org/r/52854

> Command task's sandbox should not be owned by root if it uses container image.
> ------------------------------------------------------------------------------
>
>                 Key: MESOS-6391
>                 URL: https://issues.apache.org/jira/browse/MESOS-6391
>             Project: Mesos
>          Issue Type: Bug
>    Affects Versions: 0.28.2, 1.0.1
>            Reporter: Jie Yu
>            Assignee: Jie Yu
>            Priority: Blocker
>
> Currently, if the task defines a container image, the command executor will 
> be run under root because it needs to perform pivot_root.
> That means if the task wants to run under an unprivileged user, the sandbox 
> of that task will not be writable because it's owned by root.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
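
An added example, not part of the original message and not Mesos code: the non-recursive ownership change the commit message describes, done through a file descriptor so that a symlink at the sandbox path is refused rather than followed. The helper names `chownSandbox` and `ownerCanWrite` and the `/tmp` path are assumptions made for illustration.

```cpp
#include <fcntl.h>
#include <sys/stat.h>
#include <unistd.h>

#include <cerrno>
#include <cstdio>
#include <cstdlib>
#include <string>

// Hypothetical helper, not a Mesos function. Changes the owner of the sandbox
// directory itself (non-recursively). Returns 0, or an errno value on failure.
int chownSandbox(const std::string& sandbox, uid_t uid, gid_t gid)
{
  // O_DIRECTORY rejects non-directories; O_NOFOLLOW rejects a symlink as the
  // last path component, so a privileged caller does not chown its target.
  int fd = ::open(sandbox.c_str(), O_RDONLY | O_DIRECTORY | O_NOFOLLOW | O_CLOEXEC);
  if (fd < 0) {
    return errno;
  }

  // fchown acts on the opened inode only; entries inside keep their owner.
  int result = (::fchown(fd, uid, gid) == 0) ? 0 : errno;
  ::close(fd);
  return result;
}

// True if `sandbox` is a directory owned by `uid` with owner write and search
// permission, i.e. a task running as `uid` can create files in it.
bool ownerCanWrite(const std::string& sandbox, uid_t uid)
{
  struct stat s;
  if (::lstat(sandbox.c_str(), &s) != 0 || !S_ISDIR(s.st_mode)) {
    return false;
  }
  return s.st_uid == uid && (s.st_mode & S_IWUSR) && (s.st_mode & S_IXUSR);
}

int main()
{
  // Constructed sandbox: a fresh temporary directory, handed to the current
  // user so the demo also runs without root.
  char path[] = "/tmp/sandbox-XXXXXX";
  if (::mkdtemp(path) == nullptr) { return 1; }
  int error = chownSandbox(path, ::getuid(), ::getgid());
  std::printf("chown: %d, writable: %d\n", error, ownerCanWrite(path, ::getuid()));
  ::rmdir(path);
  return error;
}
```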
