Gilbert Song created MESOS-7830:
-----------------------------------
Summary: Sandbox_path volume does not have ownership set correctly.
Key: MESOS-7830
URL: https://issues.apache.org/jira/browse/MESOS-7830
Project: Mesos
Issue Type: Bug
Components: sandbox_path volume
Reporter: Gilbert Song
Assignee: Gilbert Song

This issue was exposed when using a sandbox_path volume to support a shared
volume for nested containers under one task group. Here is a scenario:

The agent process runs as the 'root' user, while the framework user is set to
'nobody'. Whether or not the commandinfo user is set, any non-root user
cannot access the sandbox_path volume (e.g., a PARENT sandbox_path volume is
not writable from a nested container). This is because the source path at the
parent sandbox level is created by the agent process (aka root in this case).

While the operator is responsible for guaranteeing that a nested container
has permission to write to its sandbox path volume in its parent's sandbox, we
should guarantee that the source path created in the parent's sandbox is given
the same ownership as that sandbox.
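One way to implement the ownership behaviour the description asks for, as an added example that is not code from Mesos or from the reporter. The helper name `createVolumeSource`, the 0755 mode, and the symlink and `..` handling are assumptions of this sketch; it copies the parent sandbox's uid/gid onto each directory it creates.

```cpp
#include <cerrno>
#include <string>
#include <fcntl.h>
#include <sys/stat.h>
#include <unistd.h>

// Hypothetical helper, not a Mesos API: create `relative` under `sandbox`
// and give each directory it creates the sandbox's own uid/gid.
// Returns 0 on success, -1 on failure.
int createVolumeSource(const std::string& sandbox, const std::string& relative)
{
  int dir = ::open(sandbox.c_str(), O_RDONLY | O_DIRECTORY | O_CLOEXEC);
  if (dir < 0) return -1;

  struct stat owner;  // Ownership of the parent sandbox, the value to copy.
  if (::fstat(dir, &owner) != 0) { ::close(dir); return -1; }

  size_t pos = 0;
  while (pos < relative.size()) {
    size_t end = relative.find('/', pos);
    if (end == std::string::npos) end = relative.size();
    const std::string name = relative.substr(pos, end - pos);
    pos = end + 1;

    if (name.empty() || name == ".") continue;
    // Refuse to leave the sandbox.
    if (name == "..") { ::close(dir); errno = EINVAL; return -1; }

    const bool created = ::mkdirat(dir, name.c_str(), 0755) == 0;
    if (!created && errno != EEXIST) { ::close(dir); return -1; }

    // The sandbox is writable by the task user, so never follow a symlink
    // while a root-owned agent process walks it.
    int next = ::openat(dir, name.c_str(),
                        O_RDONLY | O_DIRECTORY | O_NOFOLLOW | O_CLOEXEC);
    ::close(dir);
    if (next < 0) return -1;
    dir = next;

    // Only directories created here are chowned; existing ones keep their owner.
    if (created && ::fchown(dir, owner.st_uid, owner.st_gid) != 0) {
      ::close(dir);
      return -1;
    }
  }

  ::close(dir);
  return 0;
}
```

Operating on directory file descriptors (`mkdirat`, `openat`, `fchown`) instead of path strings means the ownership change applies to the directory that was just opened, not to whatever a path resolves to later.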