----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/52854/#review152698 -----------------------------------------------------------
Ship it! src/launcher/posix/executor.cpp (lines 99 - 100) <https://reviews.apache.org/r/52854/#comment221793> I guess you dont want to introduce another workaround in fetcher to `chown` files, right? And most likely we may not deprecate the command executor in a near term. src/launcher/posix/executor.cpp (line 102) <https://reviews.apache.org/r/52854/#comment221795> Should we add a one-line comment for `not using recursive mode` to chown sandbox? - Gilbert Song On Oct. 13, 2016, 8:36 p.m., Jie Yu wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/52854/ > ----------------------------------------------------------- > > (Updated Oct. 13, 2016, 8:36 p.m.) > > > Review request for mesos and Gilbert Song. > > > Bugs: MESOS-6391 > https://issues.apache.org/jira/browse/MESOS-6391 > > > Repository: mesos > > > Description > ------- > > If the task has a rootfs, the command executor will be run under root > because it needs to perform pivot_root. Prior to this patch, if the > task wants to run under an unprivileged user, the sandbox of that task > will not be writable because it's owned by root. > > This patch fixed the issue (MESOS-6391). The command executor now > changes the owner (non-recursively) of the sandbox to match that of > the task when rootfs is specified for the task. > > > Diffs > ----- > > src/launcher/posix/executor.cpp fdee17c5e19b94c350ee192522087051d9c9fe74 > > Diff: https://reviews.apache.org/r/52854/diff/ > > > Testing > ------- > > sudo make check > > > Thanks, > > Jie Yu > >