Chun-Hung Hsiao created MESOS-9050:
--------------------------------------
Summary: Mesos fetcher should use agent's credential to fetch
artifacts.
Key: MESOS-9050
URL: https://issues.apache.org/jira/browse/MESOS-9050
Project: Mesos
Issue Type: Bug
Components: containerization
Reporter: Chun-Hung Hsiao
When launching a container, Mesos setuid to the task's credential before
fetching the artifacts into the executor sandbox. However, if any directory in
the sandbox path forbids 'x' mode for the task's credential, the fetcher won't
be able to store the artifact into the sandbox, but instead get an {{EACCES}}
from
https://github.com/apache/mesos/blob/master/3rdparty/stout/include/stout/net.hpp#L214
We should use the agent's credential to fetch the artifacts, {{chown}} them,
then setuid.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
