[ https://issues.apache.org/jira/browse/MESOS-9332?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Vinod Kone reassigned MESOS-9332:
---------------------------------
Assignee: Qian Zhang
> Debug container should run as the same user of its parent container by default
> ------------------------------------------------------------------------------
>
> Key: MESOS-9332
> URL: https://issues.apache.org/jira/browse/MESOS-9332
> Project: Mesos
> Issue Type: Bug
> Components: containerization
> Reporter: Qian Zhang
> Assignee: Qian Zhang
> Priority: Major
> Labels: containerizer, mesosphere
>
> Currently, when launching a debug container, the Mesos agent by default uses
> the executor's user as the debug container's user if the `user` field is not
> specified in the debug container's `commandInfo` (see [this
> code|https://github.com/apache/mesos/blob/1.7.0/src/slave/http.cpp#L2559] for
> details). This is OK for a command task, since the command executor's user
> is the same as the command task's user (see [this
> code|https://github.com/apache/mesos/blob/1.7.0/src/slave/slave.cpp#L6068:L6070]
> for details), so the debug container will be launched as the same user as
> the task. But for a task in a task group, the default executor's user is
> the same as the framework user (see [this
> code|https://github.com/apache/mesos/blob/1.7.0/src/slave/slave.cpp#L8959]
> for details), so in this case the debug container will be launched as the
> same user as the framework rather than the task. So in a scenario where the
> framework user is a normal user but the task user is root, the debug
> container will be launched as the normal user, which is not desired. The
> expectation is that the debug container should run as the same user as the
> container it debugs.
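The two defaults described in the issue, side by side, as an added example that is not Mesos code and not part of the original message. The `Container` struct, the function names, the container ids and the users `app` and `root` are all hypothetical, constructed to model the command-task and task-group cases.

```cpp
#include <iostream>
#include <map>
#include <string>

// Simplified model with hypothetical names; these are not Mesos classes.
struct Container {
  std::string parent;  // empty for the executor's (top-level) container
  std::string user;    // user the container runs as
};
typedef std::map<std::string, Container> Containers;

// Default described as current: an unset `user` in the debug container's
// commandInfo resolves to the executor's user.
std::string currentDefault(const std::string& requested,
                           const std::string& executorUser) {
  return requested.empty() ? executorUser : requested;
}

// Default the issue asks for: an unset `user` resolves to the user of the
// parent container, i.e. the container being debugged.
std::string expectedDefault(const std::string& requested,
                            const Containers& cs, const std::string& parentId) {
  if (!requested.empty()) return requested;
  Containers::const_iterator it = cs.find(parentId);
  return it == cs.end() ? std::string() : it->second.user;
}

// Constructed sample: command task, whose executor runs as the task user.
Containers commandTask() {
  Containers cs;
  cs["exec"] = Container{"", "root"};
  return cs;
}

// Constructed sample: task group; the default executor runs as the
// framework user ("app") while the task itself runs as root.
Containers taskGroup() {
  Containers cs;
  cs["exec"] = Container{"", "app"};
  cs["exec.task"] = Container{"exec", "root"};
  return cs;
}

int main() {
  Containers tg = taskGroup();
  std::cout << "task group, current:  " << currentDefault("", tg["exec"].user) << "\n"
            << "task group, expected: " << expectedDefault("", tg, "exec.task") << "\n";
  return 0;
}
```

For the command task both defaults agree; for the task group they diverge, which is the mismatch the issue reports.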