On Aug 12, 2015, at 3:28 PM, Nastooh Avessta (navesta) <[email protected]> wrote:
> Having a bit of a strange problem with Mesos 0.22, running Spark 1.4.0, on > Docker 1.6 slaves. Part of my Spark program calls on a script that accesses a > GPU. I am able to run this script: > 1. As Bash > 2. Via Marathon > 3. As part of a Spark program running as a standalone master > However, when I try to run the same Spark program with Mesos as master, i.e., > spark-submit --master mesos://\`cat /etc/mesos/zk\` --deploy-mode client…, I > am not able to access dri devices, e.g., mfx init: /dev/dri/renderD128 fd > open failed. What seems to be happening is that the group membership of the > default user, in this case “ubuntu” is modified by Mesos, i.e., whereas under > cases 1-3, above, I get: > > $ id > uid=1000(ubuntu) gid=1000(ubuntu) > groups=1000(ubuntu),4(adm),20(dialout),24(cdrom),25(floppy),27(sudo),29(audio),30(dip),44(video),46(plugdev),102(netdev),999(docker) > In case of Mesos, I get: > uid=1000(ubuntu) gid=1000(ubuntu) groups=1000(ubuntu),0(root) > > I am wondering if there are configuration parameters that can be passed to > Mesos to prevent it from modifying user groups? Assuming your diagnosis here is correct, this is actually a serious security issue -- notice how the group "0(root)" was added!
