> On Oct. 10, 2016, 7:44 p.m., Santhosh Kumar Shanmugham wrote:
> > docs/reference/scheduler-configuration.md, line 46
> > <https://reviews.apache.org/r/52588/diff/4/?file=1527268#file1527268line46>
> >
> >     Is there any other place (or item) where we describe the 'privilege 
> > escalation threat' in detail? If so, can we link it here and wherever we 
> > mention it.

We don't, but I think arbitrary mounts are self-explaining. If you have 
`/secrets/role_a` and `/secrets/role_b`, a job launched by `role_a` could mount 
in the secrets from `role_b`.


> On Oct. 10, 2016, 7:44 p.m., Santhosh Kumar Shanmugham wrote:
> > src/main/java/org/apache/aurora/scheduler/storage/db/TaskConfigMapper.java, line 202
> > <https://reviews.apache.org/r/52588/diff/4/?file=1527275#file1527275line202>
> >
> >     nit - s/tasks/task's

done.


> On Oct. 10, 2016, 7:44 p.m., Santhosh Kumar Shanmugham wrote:
> > src/main/java/org/apache/aurora/scheduler/storage/db/views/DbContainer.java, line 40
> > <https://reviews.apache.org/r/52588/diff/4/?file=1527279#file1527279line40>
> >
> >     .setVolumes(volumes) ?

If there is no image, it doesn't make sense to me to have mounts, the task can 
just read the locations from the host. There is no FS isolation.


> On Oct. 10, 2016, 7:44 p.m., Santhosh Kumar Shanmugham wrote:
> > src/main/java/org/apache/aurora/scheduler/storage/db/migration/V009_CreateContainerVolumesTable.java, lines 33-37
> > <https://reviews.apache.org/r/52588/diff/4/?file=1527276#file1527276line33>
> >
> >     Am I missing something here? volume_modes table is not referenced in 
> > any INSERTs or SELECT.

I can see how this is confusing.

SQL tables that map to enums are dealt with in a special manner. The schema is 
always integer to name, so something like `id: 1` and `name: RW`. They are 
inserted on storage startup in `DBStorage.startUp`. See this snippet:
```
    for (Mode mode : Mode.values()) {
      enumValueMapper.addEnumValue("volume_modes", mode.getValue(), mode.name());
    }
```

This is done at the same time we load the schema.


- Zameer


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/52588/#review152092
-----------------------------------------------------------


On Oct. 7, 2016, 12:19 p.m., Zameer Manji wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/52588/
> -----------------------------------------------------------
> 
> (Updated Oct. 7, 2016, 12:19 p.m.)
> 
> 
> Review request for Aurora, Joshua Cohen, Santhosh Kumar Shanmugham, and 
> Stephan Erb.
> 
> 
> Bugs: AURORA-1107
>     https://issues.apache.org/jira/browse/AURORA-1107
> 
> 
> Repository: aurora
> 
> 
> Description
> -------
> 
> This allows users to specify volume mounts for tasks using the unified
> containerizer if the operator permits them. This is analogous to enabling
> docker parameters per task and using the `--volume` parameter.
> 
> This does not include the needed DSL changes or an e2e test which will be in a
> subsequent diff.
> 
> 
> Diffs
> -----
> 
>   RELEASE-NOTES.md f3dd8bb0f983c560f29ac39824e517c9f145d69e
>   api/src/main/thrift/org/apache/aurora/gen/api.thrift 0c74665f750571ccfdeda5a0b71cccbe169716a7
>   docs/reference/scheduler-configuration.md e6b19f01ef276962143dabbaeec4fdf980291a28
>   src/main/java/org/apache/aurora/scheduler/app/AppModule.java c6c2a6d4ec48681378210d1fcb7909fd088d2afb
>   src/main/java/org/apache/aurora/scheduler/base/TaskTestUtil.java 3bd22a0d47cf0793c749b008ccbdf58033c75a11
>   src/main/java/org/apache/aurora/scheduler/configuration/ConfigurationManager.java 701f79c900e1d5794741475333805d1c12af58dd
>   src/main/java/org/apache/aurora/scheduler/mesos/MesosTaskFactory.java 9038c36e4ae05ade273a1c218b7a7e8af218ae39
>   src/main/java/org/apache/aurora/scheduler/storage/db/DbStorage.java acb44984b4aa38bbe1cac8f805754d55dbe39f3a
>   src/main/java/org/apache/aurora/scheduler/storage/db/TaskConfigManager.java e137e57a0b111b9320e6902aa586d7f24e0d5c58
>   src/main/java/org/apache/aurora/scheduler/storage/db/TaskConfigMapper.java 151306a567448c45223e90c8a29ac6ecbc9f6653
>   src/main/java/org/apache/aurora/scheduler/storage/db/migration/V009_CreateContainerVolumesTable.java PRE-CREATION
>   src/main/java/org/apache/aurora/scheduler/storage/db/typehandlers/TypeHandlers.java e30c387239e868daedf496dd886df4d8c00f1fc3
>   src/main/java/org/apache/aurora/scheduler/storage/db/typehandlers/VolumeModeTypeHandler.java PRE-CREATION
>   src/main/java/org/apache/aurora/scheduler/storage/db/views/DbContainer.java 8d4d7eca3a17a3b96bbbdec9271503e7e71b3aff
>   src/main/resources/org/apache/aurora/scheduler/storage/db/TaskConfigMapper.xml 3fce25f5e6d180a20dc3ace83f666d47bf32c0c5
>   src/main/resources/org/apache/aurora/scheduler/storage/db/schema.sql e943c647af4d0bdb1c733813d019d91942fbbc95
>   src/test/java/org/apache/aurora/scheduler/configuration/ConfigurationManagerTest.java db9f276c1ad26b33ff66f679787ee798bbb69c80
>   src/test/java/org/apache/aurora/scheduler/mesos/MesosTaskFactoryImplTest.java bd052abd65109544be92d3e292f1c2b238c86135
>   src/test/java/org/apache/aurora/scheduler/storage/AbstractTaskStoreTest.java 3d07292c83c229cc85d3ad624a7a7a65ef0dcd51
>   src/test/java/org/apache/aurora/scheduler/thrift/Fixtures.java 95b371627d23f7ed3472561f17880bf3c4259b96
>   src/test/java/org/apache/aurora/scheduler/thrift/ThriftIT.java e578f5a3076b8f1aad86247b815d05c8244dddc8
> 
> Diff: https://reviews.apache.org/r/52588/diff/
> 
> 
> Testing
> -------
> 
> 
> Thanks,
> 
> Zameer Manji
> 
>
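
The cross-role mount raised in the reply above (`role_a` mounting `/secrets/role_b`), shown as an added example that is not part of the original e-mail and is not Aurora code: a deny-by-default host-path check that ties each mount to the job's own role. `RoleMountPolicy`, `mayMount` and the `/secrets/<role>` layout are assumptions for illustration, and the check assumes Unix-style host paths.

```java
import java.nio.file.Path;
import java.nio.file.Paths;

/** Added illustration of a role-scoped host-path check. Not Aurora code; names are hypothetical. */
public final class RoleMountPolicy {
  // Assumed layout, taken from the example in the thread: /secrets/<role>.
  private static final Path SECRETS_ROOT = Paths.get("/secrets");

  private RoleMountPolicy() { }

  /** Deny by default: a job may mount only paths at or below its own role's directory. */
  static boolean mayMount(String role, String hostPath) {
    Path allowedRoot = SECRETS_ROOT.resolve(role).normalize();
    // Reject role names that are not a single path component ("", "..", "a/b", "/etc").
    if (!SECRETS_ROOT.equals(allowedRoot.getParent())) {
      return false;
    }
    Path requested = Paths.get(hostPath);
    if (!requested.isAbsolute()) {
      return false; // a relative path would resolve against an unknown directory
    }
    // Collapse "." and ".." before comparing. normalize() is purely lexical and does not
    // follow symlinks; resolving those has to happen on the host that performs the mount.
    // startsWith() compares whole components, so /secrets/role_ab is not under /secrets/role_a.
    return requested.normalize().startsWith(allowedRoot);
  }

  public static void main(String[] args) {
    String[][] cases = { // constructed requests: {role, host path}
      {"role_a", "/secrets/role_a/db.key"},     // own directory
      {"role_a", "/secrets/role_b"},            // another role's directory
      {"role_a", "/secrets/role_a/../role_b"},  // same target, reached through ".."
      {"role_a", "/secrets"},                   // parent that contains every role
      {"role_a", "/"},                          // host root
      {"role_a", "/secrets/role_ab"},           // shares a string prefix only
    };
    for (String[] c : cases) {
      String verdict = mayMount(c[0], c[1]) ? "ALLOW" : "DENY";
      System.out.printf("%-7s %-28s %s%n", c[0], c[1], verdict);
    }
  }
}
```

Only the first constructed request is allowed; the other five are denied, including the parent directories whose mount would expose every role's secrets at once.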
