----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/61122/#review181403 -----------------------------------------------------------
src/slave/containerizer/mesos/isolators/filesystem/linux.cpp Line 487 (original), 498 (patched) <https://reviews.apache.org/r/61122/#comment256950> This is sandbox volume, not host volume. Let's change the commit title as well. - Jie Yu On July 25, 2017, 11:05 p.m., Gilbert Song wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/61122/ > ----------------------------------------------------------- > > (Updated July 25, 2017, 11:05 p.m.) > > > Review request for mesos, Ilya Pronin, Jie Yu, James Peach, Stephan Erb, > Vinod Kone, and Jiang Yan Xu. > > > Bugs: MESOS-5187 > https://issues.apache.org/jira/browse/MESOS-5187 > > > Repository: mesos > > > Description > ------- > > This bugfix addresses the issue from MESOS-5178. Basically, the > host volume ownership was not set correctly. This issue can be > exposed if a framework user is non-root while the agent > process runs as root. Then, the non-root user does not have > permissions to write to this volume. > > The correct solution should be giving permissions to corresponding > users by leveraging supplementary groups. But we can still > introduce a workaround in this patch by changing the ownership > of this host volume to its sandbox's ownership. > > > Diffs > ----- > > src/slave/containerizer/mesos/isolators/filesystem/linux.cpp > bf35b7f00d6e80672ffc27cfc3f3a2fd8de69a99 > > > Diff: https://reviews.apache.org/r/61122/diff/1/ > > > Testing > ------- > > make check > > > Thanks, > > Gilbert Song > >