Repository: mesos
Updated Branches:
  refs/heads/master 258363a56 -> 855550074

Fixed mesos containerizer to support docker image WORKDIR missing.

Some docker image may have 'WORKDIR' set in its manifest but that 'WORKDIR' does not exist in the image rootfs (e.g., the workdir is removed in the following dockerfile).

From the reference of dockerfile, "If the WORKDIR doesn't exist, it will be created even if it's not used in any subsequent Dockerfile instruction". So we should create the working directory if it does not exist in the image's rootfs.

Review: https://reviews.apache.org/r/61602

Project: http://git-wip-us.apache.org/repos/asf/mesos/repo
Commit: http://git-wip-us.apache.org/repos/asf/mesos/commit/917b2292
Tree: http://git-wip-us.apache.org/repos/asf/mesos/tree/917b2292
Diff: http://git-wip-us.apache.org/repos/asf/mesos/diff/917b2292

Branch: refs/heads/master
Commit: 917b229219338846427efd1f1f2c5906c7eb238f
Parents: 258363a
Author: Gilbert Song <songzihao1...@gmail.com>
Authored: Fri Aug 11 17:52:18 2017 -0700
Committer: Gilbert Song <songzihao1...@gmail.com>
Committed: Wed Aug 16 21:54:37 2017 -0700

----------------------------------------------------------------------
 src/slave/containerizer/mesos/launch.cpp | 23 +++++++++++++++++++++++
 1 file changed, 23 insertions(+)
----------------------------------------------------------------------

http://git-wip-us.apache.org/repos/asf/mesos/blob/917b2292/src/slave/containerizer/mesos/launch.cpp
----------------------------------------------------------------------
diff --git a/src/slave/containerizer/mesos/launch.cpp b/src/slave/containerizer/mesos/launch.cpp index 8e66293..0affcf5 100644 --- a/src/slave/containerizer/mesos/launch.cpp +++ b/src/slave/containerizer/mesos/launch.cpp
@@ -565,6 +565,29 @@ int MesosContainerizerLaunch::execute() #endif // __WINDOWS__ if (launchInfo.has_working_directory()) { + // If working directory does not exist (e.g., being removed from + // the container image), create an empty directory even it may + // not be used. Please note that this case can only be possible + // if an image has 'WORKDIR' specified in its manifest but that + // 'WORKDIR' does not exist in the image's rootfs. + // + // TODO(gilbert): Set the proper ownership to this working + // directory to make sure a specified non-root user has the + // permission to write to this working directory. Right now + // it is owned by root, and any non-root user will fail to + // write to this directory. Please note that this is identical + // to the semantic as docker daemon. The semantic can be + // verified by: + // 'docker run -ti -u nobody quay.io/spinnaker/front50:master bash' + // The ownership of '/workdir' is root. Creating any file under + // '/workdir' will fail for 'Permission denied'. + Try<Nothing> mkdir = os::mkdir(launchInfo.working_directory()); + if (mkdir.isError()) { + cerr << "Failed to create working directory " + << "'" << launchInfo.working_directory() << "': " + << mkdir.error() << endl; + } + Try<Nothing> chdir = os::chdir(launchInfo.working_directory()); if (chdir.isError()) { cerr << "Failed to chdir into current working directory "
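Review bot: In the added "if (mkdir.isError())" block the failure is only written to cerr and control falls through to os::chdir() on the same path, so a failed create is reported once here and then again by the existing "Failed to chdir into current working directory" branch. Decide explicitly whether a failed mkdir is fatal at this point and handle it the same way the chdir error is handled, or drop the first message so there is a single error for a single cause. The os::mkdir() call is also unconditional, while the comment opens with "If working directory does not exist"; either guard the call with an existence check or reword the comment to say the call relies on mkdir being a no-op for a directory that is already present. The path comes from the image manifest and the directory is created owned by root, as the TODO states, so a task launched as a non-root user can enter the directory but not write to it; that TODO would be easier to track with a ticket reference next to it. The comment has a small typo ("even it may" should be "even if it may"), and the diffstat shows only launch.cpp changed, so a test that launches an image whose manifest WORKDIR is absent from the rootfs would be worth adding.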