[
https://issues.apache.org/jira/browse/MESOS-7208?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Gilbert Song reassigned MESOS-7208:
-----------------------------------
Assignee: Gilbert Song
> Persistent volume ownership is set to root when task is running with non-root
> user
> ----------------------------------------------------------------------------------
>
> Key: MESOS-7208
> URL: https://issues.apache.org/jira/browse/MESOS-7208
> Project: Mesos
> Issue Type: Bug
> Affects Versions: 1.1.0
> Reporter: Nikolay Ustinov
> Assignee: Gilbert Song
>
> I’m running a Docker container in the universal containerizer, Mesos 1.1.0.
> switch_user=true, isolator=filesystem/linux,docker/runtime. Container is
> launched with Marathon, "user":"someappuser". I’d like to use a persistent
> volume, but it’s exposed to the container with root user permissions even if the root
> folder is created with someappuser ownership (it looks like Mesos does a chown on
> this folder).
> Here are the logs for my container:
> {code}
> I0305 22:51:36.414655 10175 slave.cpp:1701] Launching task
> 'md_hdfs_journal.23f813ab-01dd-11e7-a012-0242ce94d92a' for framework
> e9d0e39e-b67d-4142-b95d-b0987998eb92-0000
> I0305 22:51:36.415118 10175 paths.cpp:536] Trying to chown
> '/export/intssd/mesos-slave/workdir/slaves/85150805-a201-4b23-ab21-b332a458fc97-S10/frameworks/e9d0e39e-b67d-4142-b95d-b0987998eb92-0000/executors/md_hdfs_journal.23f813ab-01dd-11e7-a012-0242ce94d92a/runs/e978d4eb-5ec1-44ad-b50a-9ae6bfe1065a'
> to user 'root'
> I0305 22:51:36.422992 10175 slave.cpp:6179] Launching executor
> 'md_hdfs_journal.23f813ab-01dd-11e7-a012-0242ce94d92a' of framework
> e9d0e39e-b67d-4142-b95d-b0987998eb92-0000 with resources cpus(*):0.1;
> mem(*):32 in work directory
> '/export/intssd/mesos-slave/workdir/slaves/85150805-a201-4b23-ab21-b332a458fc97-S10/frameworks/e9d0e39e-b67d-4142-b95d-b0987998eb92-0000/executors/md_hdfs_journal.23f813ab-01dd-11e7-a012-0242ce94d92a/runs/e978d4eb-5ec1-44ad-b50a-9ae6bfe1065a'
> I0305 22:51:36.424278 10175 slave.cpp:1987] Queued task
> 'md_hdfs_journal.23f813ab-01dd-11e7-a012-0242ce94d92a' for executor
> 'md_hdfs_journal.23f813ab-01dd-11e7-a012-0242ce94d92a' of framework
> e9d0e39e-b67d-4142-b95d-b0987998eb92-0000
> I0305 22:51:36.424347 10158 docker.cpp:1000] Skipping non-docker container
> I0305 22:51:36.425639 10142 containerizer.cpp:938] Starting container
> e978d4eb-5ec1-44ad-b50a-9ae6bfe1065a for executor
> 'md_hdfs_journal.23f813ab-01dd-11e7-a012-0242ce94d92a' of framework
> e9d0e39e-b67d-4142-b95d-b0987998eb92-0000
> I0305 22:51:36.428725 10166 provisioner.cpp:294] Provisioning image rootfs
> '/export/intssd/mesos-slave/workdir/provisioner/containers/e978d4eb-5ec1-44ad-b50a-9ae6bfe1065a/backends/copy/rootfses/0e2181e9-1bf2-42d4-8cb0-ee70e466c3ae'
> for container e978d4eb-5ec1-44ad-b50a-9ae6bfe1065a
> I0305 22:51:42.981240 10149 linux.cpp:695] Changing the ownership of the
> persistent volume at
> '/export/intssd/mesos-slave/data/volumes/roles/general_marathon_service_role/md_hdfs_journal#data#23f813aa-01dd-11e7-a012-0242ce94d92a'
> with uid 0 and gid 0
> I0305 22:51:42.986593 10136 linux_launcher.cpp:421] Launching container
> e978d4eb-5ec1-44ad-b50a-9ae6bfe1065a and cloning with namespaces CLONE_NEWNS
> {code}
> {code}
> ls -la
> /export/intssd/mesos-slave/workdir/slaves/85150805-a201-4b23-ab21-b332a458fc97-S10/frameworks/e9d0e39e-b67d-4142-b95d-b0987998eb92-0000/executors/md_hdfs_journal.23f813ab-01dd-11e7-a012-0242ce94d92a/runs/e978d4eb-5ec1-44ad-b50a-9ae6bfe1065a/
> drwxr-xr-x 3 someappuser someappgroup 4096 22:51 .
> drwxr-xr-x 3 root root 4096 22:51 ..
> drwxr-xr-x 2 root root 4096 22:51 data
> -rw-r--r-- 1 root root 169 22:51 stderr
> -rw-r--r-- 1 root root 183012 23:00 stdout
> {code}
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
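
An added example, not part of the original report or of the Mesos code base: a check for the symptom shown in the `ls -la` listing above, sandbox entries owned by someone other than the task user and not writable by that user. The function names and the constructed temporary sandbox are assumptions made for illustration.

```python
import os
import stat
import tempfile


def writable_by(st, uid, gids):
    """Classic Unix mode-bit check; ignores ACLs, capabilities and root."""
    if st.st_uid == uid:
        return bool(st.st_mode & stat.S_IWUSR)
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IWGRP)
    return bool(st.st_mode & stat.S_IWOTH)


def audit_sandbox(sandbox, task_uid=None, task_gids=()):
    """Return (name, uid, gid, writable_by_task) for direct children of
    `sandbox` that are not owned by the task user. task_uid defaults to the
    owner of the sandbox directory itself, as in the reported listing."""
    top = os.lstat(sandbox)
    uid = top.st_uid if task_uid is None else task_uid
    gids = set(task_gids) or {top.st_gid}
    findings = []
    for entry in sorted(os.scandir(sandbox), key=lambda e: e.name):
        st = entry.stat(follow_symlinks=False)
        if st.st_uid != uid:
            findings.append((entry.name, st.st_uid, st.st_gid,
                             writable_by(st, uid, gids)))
    return findings


def demo():
    """Constructed sandbox mirroring the report: data/, stderr, stdout."""
    with tempfile.TemporaryDirectory() as sandbox:
        os.mkdir(os.path.join(sandbox, "data"))
        os.chmod(os.path.join(sandbox, "data"), 0o755)
        for name in ("stderr", "stdout"):
            path = os.path.join(sandbox, name)
            open(path, "w").close()
            os.chmod(path, 0o644)
        same_user = audit_sandbox(sandbox)
        # Assumption: uid+1 stands in for a task user that differs from the
        # owner of the entries (root in the report); no chown is needed.
        other_user = audit_sandbox(sandbox, task_uid=os.getuid() + 1)
        return same_user, other_user


if __name__ == "__main__":
    for finding in demo()[1]:
        print(finding)
```

Run against the executor run directory from the report, `audit_sandbox()` would flag `data`, `stderr` and `stdout` as root-owned and not writable by the task user.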