[
https://issues.apache.org/jira/browse/MESOS-4757?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15172479#comment-15172479
]
Jie Yu commented on MESOS-4757:
-------------------------------
[~idownes] My main concern is about the sandbox. Currently, sandbox is prepared
by the agent (thus using the agent's host database) when chown happens and we
bind mount that directory to the container. Without user namespace, I don't
know if using the container database is desired or not.
> Mesos containerizer should get uid/gids before pivot_root.
> ----------------------------------------------------------
>
> Key: MESOS-4757
> URL: https://issues.apache.org/jira/browse/MESOS-4757
> Project: Mesos
> Issue Type: Bug
> Reporter: Jie Yu
> Assignee: Jie Yu
>
> Currently, we call os::su(user) after pivot_root. This is problematic because
> /etc/passwd and /etc/group might be missing in container's root filesystem.
> We should instead, get the uid/gids before pivot_root, and call
> setuid/setgroups after pivot_root.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
