Probably needs a heads up on the dev/user list since this is a user visible change.
On Thu, Dec 14, 2017 at 4:09 PM, James Peach <jpe...@apache.org> wrote: > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/64630/ > Review request for mesos, Andrew Schwartzmeyer, Jie Yu, and Vinod Kone. > By James Peach. > *Bugs: * MESOS-8332 <https://issues.apache.org/jira/browse/MESOS-8332> > *Repository: * mesos > Description > > Since task sandboxes can contain private data, we should not > make them accessible to others by default. This changes all the > places that create a task sandbox directory to use a helper > APIslave::paths::createSandboxPath that consistently deals with > setting the directory mode and ownership. > > A number of tests depended on the previous behavior where > failing to change the ownership was logged but did not cause > a failure. Depending on the test, these were updated to either > disable the agent switch_user flag, or to specify the current > user in the task launch message. > > Testing > > make check (Fedora 27) > > Diffs > > - src/slave/containerizer/mesos/containerizer.cpp ( > 7ab0b07f689f872573ca458ae47cd6426ebc0365) > - src/slave/containerizer/mesos/paths.cpp ( > 8a188a918873eef468a984b80f5ea7ebaa8fb923) > - src/slave/http.cpp (ed22b9f6bfa1c480a0672ce25d364bba6e33a200) > - src/slave/paths.hpp (9cbacd8da62e7c7386dca7031fc09a46ae773161) > - src/slave/paths.cpp (fca2a0eec2a75ed76028ea54dc992502275d4bce) > - src/tests/api_tests.cpp (86cbba4fab5e7a45298d17f3f2969391cc18be68) > - src/tests/master_allocator_tests.cpp (9bca27c7612b9ac4813f794bcc9ed3 > 8aeed078e5) > - src/tests/master_authorization_tests.cpp ( > 676543a5ad1bb5d47011fc2a8b05dfaaeef18c64) > - src/tests/slave_authorization_tests.cpp ( > 4ba0b8e96614a2df0daec576c08fe02462ccaa27) > > View Diff <https://reviews.apache.org/r/64630/diff/1/> >