> On July 25, 2017, 4:25 p.m., Jie Yu wrote:
> > src/slave/containerizer/mesos/isolators/volume/sandbox_path.cpp
> > Lines 164-175 (original), 164-177 (patched)
> > <https://reviews.apache.org/r/61120/diff/1/?file=1782378#file1782378line164>
> >
> > If `source` already exists, let's try not to do chown.

Agree.

- Gilbert

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/61120/#review181402
-----------------------------------------------------------

On July 25, 2017, 4:15 p.m., Gilbert Song wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/61120/
> -----------------------------------------------------------
>
> (Updated July 25, 2017, 4:15 p.m.)
>
>
> Review request for mesos, Greg Mann, Ilya Pronin, Jie Yu, James Peach, Vinod
> Kone, and Jiang Yan Xu.
>
>
> Bugs: MESOS-7830
> https://issues.apache.org/jira/browse/MESOS-7830
>
>
> Repository: mesos
>
>
> Description
> -------
>
> This bugfix addresses the issue from MESOS-7830. Basically, the
> sandbox path volume ownership was not set correctly. This issue
> can be exposed if a framework user is non-root while the agent
> process runs as root. Then, the non-root user does not have
> permissions to write to this volume.
>
> The correct solution should be giving permissions to corresponding
> users by leveraging supplementary groups. But we can still
> introduce a workaround in this patch by changing the ownership
> of the sandbox path volume to its sandbox's ownership.
>
>
> Diffs
> -----
>
> src/slave/containerizer/mesos/isolators/volume/sandbox_path.cpp
> 6f7304d4aa40eb1b4815ffc1fec61f7e98291cba
>
>
> Diff: https://reviews.apache.org/r/61120/diff/1/
>
>
> Testing
> -------
>
> make check
>
>
> Thanks,
>
> Gilbert Song
>
>
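The workaround from the description combined with the review comment (chown the volume to the sandbox's owner, but only when `source` was just created), as an added example that is not part of this thread or of the Mesos patch. It uses plain POSIX calls rather than Mesos's own helpers, and `prepareVolume` and `VolumeResult` are hypothetical names.

```cpp
#include <cerrno>
#include <cstdlib>
#include <string>
#include <sys/stat.h>
#include <unistd.h>

// Hypothetical result type for this sketch (not a Mesos type).
enum class VolumeResult { CreatedAndChowned, ExistedUntouched, Error };

// Create the volume directory `source` if it is missing and give it the
// owner and group of `sandbox`. An existing `source` is left untouched.
VolumeResult prepareVolume(const std::string& sandbox, const std::string& source)
{
  struct stat sb;
  if (::stat(sandbox.c_str(), &sb) != 0 || !S_ISDIR(sb.st_mode)) {
    return VolumeResult::Error;
  }

  // mkdir() itself reports whether the directory existed; a separate
  // exists() check would leave a window between the check and the create.
  if (::mkdir(source.c_str(), 0755) != 0) {
    if (errno != EEXIST) return VolumeResult::Error;
    struct stat existing;
    // lstat(): a symlink or file sitting at `source` is an error, not a volume.
    if (::lstat(source.c_str(), &existing) != 0 || !S_ISDIR(existing.st_mode)) {
      return VolumeResult::Error;
    }
    return VolumeResult::ExistedUntouched;  // no chown on existing data
  }

  // Newly created here: hand it to the sandbox's owner without following links.
  if (::lchown(source.c_str(), sb.st_uid, sb.st_gid) != 0) {
    return VolumeResult::Error;
  }
  return VolumeResult::CreatedAndChowned;
}

int main()
{
  char tmpl[] = "/tmp/sandbox-XXXXXX";  // constructed scratch sandbox
  if (::mkdtemp(tmpl) == nullptr) return 1;
  const std::string sandbox = tmpl;
  const std::string source = sandbox + "/volume";
  bool first = prepareVolume(sandbox, source) == VolumeResult::CreatedAndChowned;
  bool second = prepareVolume(sandbox, source) == VolumeResult::ExistedUntouched;
  return (first && second) ? 0 : 1;
}
```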
