Re: Review Request 72478: Changed permissions for domain sockets to allow non-root executors.

Wed, 06 May 2020 12:59:47 -0700 

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/72478/#review220663
-----------------------------------------------------------



Patch looks great!

Reviews applied: [72475, 72478]

Passed command: export OS='ubuntu:16.04' BUILDTOOL='autotools' COMPILER='gcc' 
CONFIGURATION='--verbose --disable-libtool-wrappers 
--disable-parallel-test-execution' ENVIRONMENT='GLOG_v=1 MESOS_VERBOSE=1'; 
./support/jenkins/buildbot.sh

- Mesos Reviewbot


On May 6, 2020, 6:19 p.m., Andrei Budnik wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/72478/
> -----------------------------------------------------------
> 
> (Updated May 6, 2020, 6:19 p.m.)
> 
> 
> Review request for mesos, Andrei Sekretenko, Benjamin Mahler, Greg Mann, and 
> Qian Zhang.
> 
> 
> Repository: mesos
> 
> 
> Description
> -------
> 
> Previously, the default permissions for domain sockets allowed
> r/w access only for the file's user, so an executor launched under
> a non-privileged user could not open the agent's socket. This patch
> adds r/w permissions for the group and other users to address
> the access problem.
> 
> 
> Diffs
> -----
> 
>   src/common/domain_sockets.hpp 6d2b0abfa456aa2b95d60057ecc94c6f075e74d9 
> 
> 
> Diff: https://reviews.apache.org/r/72478/diff/1/
> 
> 
> Testing
> -------
> 
> # Without this patch
> 
> 1. run master:
> ```
> $ bin/mesos-master.sh --work_dir=~/mesos/build/vars/master
> ```
> 
> 2. run agent with `--http_executor_domain_sockets=true` and 
> `--http_command_executor=true`:
> ```
> $ sudo GLOG_v=2 ./bin/mesos-agent.sh --resources="cpus:10;mem:100000" 
> --http_executor_domain_sockets=true --http_command_executor=true 
> --work_dir=/home/nobody/mesos/build/var/agent-1' 
> --containerizers="docker,mesos" --master="`hostname`:5050"
> ```
> 
> 3. launch a task via `mesos-execute` as a non-root user:
> ```
> $ ./src/mesos-execute --master="`hostname`:5050" --name="a" 
> --containerizer=mesos --command="sleep 1"
> 
> ...
> Received status update TASK_FAILED for task 'a'
>   message: 'Executor terminated'
>   source: SOURCE_AGENT
>   reason: REASON_EXECUTOR_TERMINATED
> ```
> 
> # This patch applied
> 
> Task successfully finished.
> 
> 
> Thanks,
> 
> Andrei Budnik
> 
>

Reply via email to