[ https://issues.apache.org/jira/browse/MESOS-7830?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Gilbert Song updated MESOS-7830:
--------------------------------
Labels: containerizer mesosphere volumes (was: containerizer volumes)
> Sandbox_path volume does not have ownership set correctly.
> ----------------------------------------------------------
>
> Key: MESOS-7830
> URL: https://issues.apache.org/jira/browse/MESOS-7830
> Project: Mesos
> Issue Type: Bug
> Components: sandbox_path volume
> Reporter: Gilbert Song
> Assignee: Gilbert Song
> Labels: containerizer, mesosphere, volumes
>
> This issue was exposed when using a sandbox_path volume to support a shared
> volume for nested containers under one task group. Here is a scenario:
> The agent process runs as the 'root' user, while the framework user is set to
> 'nobody'. Whether or not the commandinfo user is set, any non-root user
> cannot access the sandbox_path volume (e.g., a PARENT sandbox_path volume is
> not writable from a nested container). This is because the source path at the
> parent sandbox level is created by the agent process (aka root in this case).
> While the operator is responsible for guaranteeing that a nested container should
> have permission to write to its sandbox path volume at its parent's sandbox,
> we should guarantee that the source path created at the parent's sandbox is set
> to the same ownership as this sandbox's ownership.
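
The ownership rule requested in the description above, as an added example (this is not Mesos code, and not taken from any patch for this issue): a root process creates the volume source inside a sandbox and gives it the sandbox's own uid/gid, using descriptor-based calls so a symlink placed in the sandbox by the task cannot redirect the chown. The function names are hypothetical, and the volume name is assumed to be a single path component.

```cpp
// Added example, not Mesos code. Function names are hypothetical.
#include <fcntl.h>
#include <sys/stat.h>
#include <unistd.h>
#include <cerrno>
#include <string>

// Create `name` directly under `sandbox` and give it the sandbox's uid/gid.
// Assumption: `name` is a single path component. Returns 0 or an errno value.
int createVolumeSource(const std::string& sandbox, const std::string& name)
{
  if (name.empty() || name == "." || name == ".." ||
      name.find('/') != std::string::npos) {
    return EINVAL;  // Refuse anything that could resolve outside the sandbox.
  }
  int dirfd = open(sandbox.c_str(), O_RDONLY | O_DIRECTORY | O_CLOEXEC);
  if (dirfd < 0) return errno;

  struct stat parent;
  int fd = -1;
  int result = 0;
  if (fstat(dirfd, &parent) != 0) {
    result = errno;
  } else if (mkdirat(dirfd, name.c_str(), 0755) != 0 && errno != EEXIST) {
    result = errno;
  } else if ((fd = openat(dirfd, name.c_str(), O_RDONLY | O_DIRECTORY |
                          O_NOFOLLOW | O_CLOEXEC)) < 0) {
    result = errno;  // O_NOFOLLOW: never chown through a task-planted symlink.
  } else if (fchown(fd, parent.st_uid, parent.st_gid) != 0) {
    result = errno;  // fchown acts on the opened inode, not a re-resolved path.
  }
  if (fd >= 0) close(fd);
  close(dirfd);
  return result;
}

// Audit check: does the volume source carry the same owner as its sandbox?
bool ownershipMatches(const std::string& sandbox, const std::string& name)
{
  struct stat parent, child;
  if (stat(sandbox.c_str(), &parent) != 0) return false;
  if (lstat((sandbox + "/" + name).c_str(), &child) != 0) return false;
  return S_ISDIR(child.st_mode) && child.st_uid == parent.st_uid &&
         child.st_gid == parent.st_gid;
}
```

Run as root against a sandbox owned by 'nobody', `createVolumeSource` leaves the new directory owned by 'nobody'; `ownershipMatches` can be used to audit existing volume sources that were created before such a change.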