[ https://issues.apache.org/jira/browse/MESOS-6391?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15576990#comment-15576990 ]
Jie Yu commented on MESOS-6391: ------------------------------- Looks like 0.28.3 backport is a bit very challenging. > Command task's sandbox should not be owned by root if it uses container image. > ------------------------------------------------------------------------------ > > Key: MESOS-6391 > URL: https://issues.apache.org/jira/browse/MESOS-6391 > Project: Mesos > Issue Type: Bug > Affects Versions: 0.28.2, 1.0.1 > Reporter: Jie Yu > Assignee: Jie Yu > Priority: Blocker > Fix For: 1.0.2, 1.1.0 > > > Currently, if the task defines a container image, the command executor will > be run under root because it needs to perform pivot_root. > That means if the task wants to run under an unprivileged user, the sandbox > of that task will not be writable because it's owned by root. -- This message was sent by Atlassian JIRA (v6.3.4#6332)