-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/69376/
-----------------------------------------------------------
Review request for mesos and Gilbert Song.
Bugs: MESOS-9332
https://issues.apache.org/jira/browse/MESOS-9332
Repository: mesos
Description
-------
Previously we inherited user from parent container for nested
containers in `MesosContainerizerProcess::_launch`, but that
is too late which will cause an issue that the nested container
is launched as a non-root user but its sandbox directory is
created with root as owner (suppose there is no user specified
in the nested container's `commandInfo` and the default executor
is launched as a non-root user), so the nested container will not
have the permission to write to its own sandbox.
In this patch, we inherit user for nested containers in an earlier
place (i.e., `MesosContainerizerProcess::launch`) to avoid the
above issue.
Diffs
-----
src/slave/containerizer/mesos/containerizer.cpp
181a4da1d18b215348d183f104157d996f2da096
Diff: https://reviews.apache.org/r/69376/diff/1/
Testing
-------
Thanks,
Qian Zhang
