-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/52881/
-----------------------------------------------------------
Review request for mesos and Jie Yu.
Bugs: MESOS-6386
https://issues.apache.org/jira/browse/MESOS-6386
Repository: mesos
Description
-------
The capabilities isolator test suites runs test as root where the
files executed might not reside in directories accessible even to root
after dropping all capabilities. We already ensured that the test
agent would always permit `DAC_READ_SEARCH` so that we could move this
one into the permitted set, but missed to ensure it was always present
when tasks set capabilities. This could lead to situtations where
e.g., `mesos-executor` could not be executed by the test.
This commit adds `DAC_READ_SEARCH` to the requested set for all
situation where where drop all capabilities required for tests.
Diffs
-----
src/tests/containerizer/linux_capabilities_isolator_tests.cpp
f040c209b4b4c87cef00b0569b7da7581f4ccf03
Diff: https://reviews.apache.org/r/52881/diff/
Testing
-------
* as root: `./mesos-test
--gtest_filter='*/LinuxCapabilitiesIsolatorTest.ROOT_Ping/*'`
* confirmed by inspection of the log output that all `launch` invocations were
able
to successly start the requested executables.
Thanks,
Benjamin Bannier
