----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/72478/ -----------------------------------------------------------
Review request for mesos, Andrei Sekretenko, Benjamin Mahler, Greg Mann, and Qian Zhang. Repository: mesos Description ------- Previously, the default permissions for domain sockets allowed r/w access only for the file's user, so an executor launched under a non-privileged user could not open the agent's socket. This patch adds r/w permissions for the group and other users to address the access problem. Diffs ----- src/common/domain_sockets.hpp 6d2b0abfa456aa2b95d60057ecc94c6f075e74d9 Diff: https://reviews.apache.org/r/72478/diff/1/ Testing ------- # Without this patch 1. run master: ``` $ bin/mesos-master.sh --work_dir=~/mesos/build/vars/master ``` 2. run agent with `--http_executor_domain_sockets=true` and `--http_command_executor=true`: ``` $ sudo GLOG_v=2 ./bin/mesos-agent.sh --resources="cpus:10;mem:100000" --http_executor_domain_sockets=true --http_command_executor=true --work_dir=/home/nobody/mesos/build/var/agent-1' --containerizers="docker,mesos" --master="`hostname`:5050" ``` 3. launch a task via `mesos-execute` as a non-root user: ``` $ ./src/mesos-execute --master="`hostname`:5050" --name="a" --containerizer=mesos --command="sleep 1" ... Received status update TASK_FAILED for task 'a' message: 'Executor terminated' source: SOURCE_AGENT reason: REASON_EXECUTOR_TERMINATED ``` # This patch applied Task successfully finished. Thanks, Andrei Budnik
