-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/69345/#review211092
-----------------------------------------------------------

src/slave/containerizer/mesos/containerizer.cpp
Lines 418 (patched)
<https://reviews.apache.org/r/69345/#comment295993>

It should be fine to copy `volumeGidManager` by value in this capture list.


src/slave/containerizer/mesos/containerizer.cpp
Lines 1631 (patched)
<https://reviews.apache.org/r/69345/#comment295994>

Probably, we should add `CHECK(!launchInfo.has_supplementary_groups()) << "<error message>"` instead of `launchInfo.clear_supplementary_groups();`.


src/slave/containerizer/mesos/isolators/volume/sandbox_path.cpp
Lines 437 (patched)
<https://reviews.apache.org/r/69345/#comment295995>

Consider adding log messages like "Starting allocation of gids", "Finished allocation of gids" in order to simplify debugging of containers stuck in `PREPARING` state due to slow/unresponsive disks.


src/slave/main.cpp
Lines 639 (patched)
<https://reviews.apache.org/r/69345/#comment295991>

I think we can safely omit the `if` check here.


src/slave/main.cpp
Lines 639 (patched)
<https://reviews.apache.org/r/69345/#comment295992>

I think we can safely omit the `if` check here since calling `delete` on `nullptr` has no effect.


- Andrei Budnik


On Dec. 4, 2018, 2:42 a.m., Qian Zhang wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/69345/
> -----------------------------------------------------------
>
> (Updated Dec. 4, 2018, 2:42 a.m.)
>
>
> Review request for mesos, Andrei Budnik, Gilbert Song, Greg Mann, Ilya Pronin, and Jie Yu.
>
>
> Bugs: MESOS-8810
>     https://issues.apache.org/jira/browse/MESOS-8810
>
>
> Repository: mesos
>
>
> Description
> -------
>
> If a nested container running as a non-root user tries to use a
> SANDBOX_PATH volume of PARENT type, we will make sure the volume is owned
> by a unique gid allocated by the volume gid manager and the container
> process is launched with that gid as its supplementary group.
>
>
> Diffs
> -----
>
>   include/mesos/slave/containerizer.proto 5b4dcdda0f55ea3355c78d1447c7be9ca54d9dc9
>   src/local/local.cpp 608706811486e59b9472c026876d1d84cbccc279
>   src/slave/containerizer/containerizer.hpp 66f73a306deffc51503479420531ea1948c574e1
>   src/slave/containerizer/containerizer.cpp c6b5e64a72d16b871dcbfc17c05566affea6bd44
>   src/slave/containerizer/mesos/containerizer.hpp 3102b8755c1fa3b205081d0198c6021c02d15ec6
>   src/slave/containerizer/mesos/containerizer.cpp a5cf2da55c046c5c45e0c2ca3400f64de12de62b
>   src/slave/containerizer/mesos/isolators/volume/sandbox_path.hpp 1631160236379f84c6e1ed1be1370b5f2f2fd563
>   src/slave/containerizer/mesos/isolators/volume/sandbox_path.cpp 300b3d95d74b73fbe0221096f3f3f172be745081
>   src/slave/containerizer/mesos/launch.cpp 882bcdf89e2b0cca3d3f62e6d017849a51ceaead
>   src/slave/main.cpp e774092ff2c3941f17cdebfb26d80c05a26497c6
>   src/slave/slave.hpp 0bd340176e2a8cefdfa7ef71e059441fb171aff6
>   src/slave/slave.cpp 74f6fb9036a9ac4f587f53ec2df04eeb4c167bfb
>   src/tests/cluster.cpp 2b351ca70d8e80008e49722aa7d46918b5ecd9b0
>   src/tests/mock_slave.hpp 3c0d602a981d76dcf10f9e413851e606d835e113
>   src/tests/mock_slave.cpp a78ca9c7911bb7928a93be6867abe62e8cd20712
>
>
> Diff: https://reviews.apache.org/r/69345/diff/4/
>
>
> Testing
> -------
>
>
> Thanks,
>
> Qian Zhang
>
>
