-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/52881/
-----------------------------------------------------------

Review request for mesos and Jie Yu.


Bugs: MESOS-6386
    https://issues.apache.org/jira/browse/MESOS-6386


Repository: mesos


Description
-------

The capabilities isolator test suites runs test as root where the
files executed might not reside in directories accessible even to root
after dropping all capabilities. We already ensured that the test
agent would always permit `DAC_READ_SEARCH` so that we could move this
one into the permitted set, but missed to ensure it was always present
when tasks set capabilities. This could lead to situtations where
e.g., `mesos-executor` could not be executed by the test.

This commit adds `DAC_READ_SEARCH` to the requested set for all
situation where where drop all capabilities required for tests.


Diffs
-----

  src/tests/containerizer/linux_capabilities_isolator_tests.cpp 
f040c209b4b4c87cef00b0569b7da7581f4ccf03 

Diff: https://reviews.apache.org/r/52881/diff/


Testing
-------

* as root: `./mesos-test 
--gtest_filter='*/LinuxCapabilitiesIsolatorTest.ROOT_Ping/*'`
* confirmed by inspection of the log output that all `launch` invocations were 
able
  to successly start the requested executables.


Thanks,

Benjamin Bannier

Reply via email to