Re: Review Request 52854: Fixed the sandbox owner for command tasks.

2016-10-14 Thread Gilbert Song

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/52854/#review152698
---


Ship it!





src/launcher/posix/executor.cpp (lines 99 - 100)


I guess you don't want to introduce another workaround in fetcher to `chown`
files, right? And most likely we may not deprecate the command executor in the
near term.



src/launcher/posix/executor.cpp (line 102)


Should we add a one-line comment for `not using recursive mode` to chown 
sandbox?


- Gilbert Song


On Oct. 13, 2016, 8:36 p.m., Jie Yu wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/52854/
> ---
> 
> (Updated Oct. 13, 2016, 8:36 p.m.)
> 
> 
> Review request for mesos and Gilbert Song.
> 
> 
> Bugs: MESOS-6391
> https://issues.apache.org/jira/browse/MESOS-6391
> 
> 
> Repository: mesos
> 
> 
> Description
> ---
> 
> If the task has a rootfs, the command executor will be run under root
> because it needs to perform pivot_root. Prior to this patch, if the
> task wants to run under an unprivileged user, the sandbox of that task
> will not be writable because it's owned by root.
> 
> This patch fixed the issue (MESOS-6391). The command executor now
> changes the owner (non-recursively) of the sandbox to match that of
> the task when rootfs is specified for the task.
> 
> 
> Diffs
> -
> 
>   src/launcher/posix/executor.cpp fdee17c5e19b94c350ee192522087051d9c9fe74 
> 
> Diff: https://reviews.apache.org/r/52854/diff/
> 
> 
> Testing
> ---
> 
> sudo make check
> 
> 
> Thanks,
> 
> Jie Yu
> 
>



Review Request 52854: Fixed the sandbox owner for command tasks.

2016-10-13 Thread Jie Yu

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/52854/
---

Review request for mesos and Gilbert Song.


Bugs: MESOS-6391
https://issues.apache.org/jira/browse/MESOS-6391


Repository: mesos


Description
---

If the task has a rootfs, the command executor will be run under root
because it needs to perform pivot_root. Prior to this patch, if the
task wants to run under an unprivileged user, the sandbox of that task
will not be writable because it's owned by root.

This patch fixed the issue (MESOS-6391). The command executor now
changes the owner (non-recursively) of the sandbox to match that of
the task when rootfs is specified for the task.


Diffs
-

  src/launcher/posix/executor.cpp fdee17c5e19b94c350ee192522087051d9c9fe74 

Diff: https://reviews.apache.org/r/52854/diff/


Testing
---

sudo make check


Thanks,

Jie Yu
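
The ownership change described in the review request above, sketched as an added example; it is not code from this thread or from the Mesos patch. The function name `chownSandbox`, its errno-style return value, and the choice to refuse a symlinked sandbox path are assumptions of this sketch.

```cpp
// Added example, not Mesos code: chownSandbox() is a hypothetical helper.
#include <fcntl.h>
#include <sys/stat.h>
#include <unistd.h>

#include <cerrno>
#include <cstdio>
#include <cstdlib>
#include <string>

// Changes the owner of the sandbox directory itself, not of its contents.
// Returns 0 on success or an errno value on failure.
int chownSandbox(const std::string& sandbox, uid_t uid, gid_t gid)
{
  // O_NOFOLLOW: fail if the final path component is a symlink.
  // O_DIRECTORY: fail if the path is not a directory.
  int fd = ::open(
      sandbox.c_str(), O_RDONLY | O_DIRECTORY | O_NOFOLLOW | O_CLOEXEC);
  if (fd < 0) {
    return errno;
  }

  // fchown acts on the opened inode only: no recursion, and no second
  // path lookup that could resolve to a different file.
  int error = 0;
  struct stat s;
  if (::fchown(fd, uid, gid) != 0 || ::fstat(fd, &s) != 0) {
    error = errno;
  } else if (s.st_uid != uid || s.st_gid != gid) {
    error = EPERM; // The ownership change did not take effect.
  }

  ::close(fd);
  return error;
}

int main()
{
  // Constructed sandbox: a temporary directory, chowned to the current
  // effective user so that the demo also runs without root.
  char path[] = "/tmp/sandbox-XXXXXX";
  if (::mkdtemp(path) == nullptr) {
    return 1;
  }
  int error = chownSandbox(path, ::geteuid(), ::getegid());
  std::printf("chownSandbox(%s) -> %d\n", path, error);
  ::rmdir(path);
  return error == 0 ? 0 : 1;
}
```

Handing the directory to a different uid/gid requires running as root, which is the situation the description gives for tasks with a rootfs.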