Change launcher working directory before dropping privilege. The launcher needs to change its working directory before dropping privilege by switching users and installing capabilities, because afterwards it might not have access to traverse to the desired working directory.
Review: https://reviews.apache.org/r/59551/ Project: http://git-wip-us.apache.org/repos/asf/mesos/repo Commit: http://git-wip-us.apache.org/repos/asf/mesos/commit/10a0af0a Tree: http://git-wip-us.apache.org/repos/asf/mesos/tree/10a0af0a Diff: http://git-wip-us.apache.org/repos/asf/mesos/diff/10a0af0a Branch: refs/heads/1.3.x Commit: 10a0af0a9c926b4b51f8d2d3f24d7c5882cb7a9d Parents: 08c4316 Author: James Peach <jpe...@apache.org> Authored: Fri Jun 16 20:44:54 2017 -0700 Committer: Gilbert Song <songzihao1...@gmail.com> Committed: Thu Aug 17 01:20:21 2017 -0700 ---------------------------------------------------------------------- src/slave/containerizer/mesos/launch.cpp | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/mesos/blob/10a0af0a/src/slave/containerizer/mesos/launch.cpp ---------------------------------------------------------------------- diff --git a/src/slave/containerizer/mesos/launch.cpp b/src/slave/containerizer/mesos/launch.cpp index d5da7af..2308bac 100644 --- a/src/slave/containerizer/mesos/launch.cpp +++ b/src/slave/containerizer/mesos/launch.cpp @@ -560,6 +560,16 @@ int MesosContainerizerLaunch::execute() } #endif // __WINDOWS__ + if (launchInfo.has_working_directory()) { + Try<Nothing> chdir = os::chdir(launchInfo.working_directory()); + if (chdir.isError()) { + cerr << "Failed to chdir into current working directory " + << "'" << launchInfo.working_directory() << "': " + << chdir.error() << endl; + exitWithStatus(EXIT_FAILURE); + } + } + #ifndef __WINDOWS__ // Change user if provided. Note that we do that after executing the // preparation commands so that those commands will be run with the @@ -625,16 +635,6 @@ int MesosContainerizerLaunch::execute() } #endif // __linux__ - if (launchInfo.has_working_directory()) { - Try<Nothing> chdir = os::chdir(launchInfo.working_directory()); - if (chdir.isError()) { - cerr << "Failed to chdir into current working directory " - << "'" << launchInfo.working_directory() << "': " - << chdir.error() << endl; - exitWithStatus(EXIT_FAILURE); - } - } - // Prepare the executable and the argument list for the child. string executable(launchInfo.command().shell() ? os::Shell::name
