[jira] [Updated] (MESOS-3083) Doing 'clone' on Linux with the CLONE_NEWUSER namespace type can drop root privileges.

Artem Harutyunyan (JIRA) Fri, 24 Jul 2015 08:47:21 -0700

     [ 
https://issues.apache.org/jira/browse/MESOS-3083?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Artem Harutyunyan updated MESOS-3083:
-------------------------------------
    Labels: mesosphere  (was: )

> Doing 'clone' on Linux with the CLONE_NEWUSER namespace type can drop root 
> privileges.
> --------------------------------------------------------------------------------------
>
>                 Key: MESOS-3083
>                 URL: https://issues.apache.org/jira/browse/MESOS-3083
>             Project: Mesos
>          Issue Type: Bug
>          Components: containerization
>         Environment: Ubuntu 14.04 (virtual machine)
>            Reporter: Benjamin Hindman
>              Labels: mesosphere
>
> The namespace tests attempt to clone a process with all namespaces that are 
> available from the kernel which includes the 'user' namespace in Ubuntu 14.04 
> which causes the child process to be user 'nobody' instead of user 'root' 
> after invoking 'clone' which is bad because the test requires that the child 
> process is 'root' and so things fail (because of insufficient permissions). 
> For now, we explicitly ignore the 'user' namespace in the tests, but this 
> issue is to track exactly how we might want to manage this going forward.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

[jira] [Updated] (MESOS-3083) Doing 'clone' on Linux with the CLONE_NEWUSER namespace type can drop root privileges.

Reply via email to