Till Toenshoff created MESOS-6747:
-------------------------------------
Summary: ContainerLogger runnable must not inherit the slave
environment.
Key: MESOS-6747
URL: https://issues.apache.org/jira/browse/MESOS-6747
Project: Mesos
Issue Type: Bug
Reporter: Till Toenshoff
Priority: Blocker
The ContainerLogger module which forks a child process named
"mesos-logrotate-logger" does inherit the slave's environment. Specifically
things like {{LIBPROCESS_SSL_....}} variables are not meant to be picked up by
that runnable and cause issues as soon as the owning user is not the same as
the one owning the agent process.
So if the agent has an SSL key setup via {{LIBPROCESS_SSL_KEY_FILE}} and if
that key-file is readable by the agent user (root) only, then the
{{mesos-logrotate-logger}} will try to read that file as well even though it is
being run as nobody - that action will then fail the runnable and hence fail
the entire task.
{noformat}
Could not load key file '/my/funky/key/path/key.key' (OpenSSL error #33558541):
error:0200100D:system library:fopen:Permission denied
{noformat}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
