----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/61120/#review181659 -----------------------------------------------------------
Ship it! LGTM! - Ilya Pronin On July 28, 2017, 2:42 a.m., Gilbert Song wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/61120/ > ----------------------------------------------------------- > > (Updated July 28, 2017, 2:42 a.m.) > > > Review request for mesos, Greg Mann, Ilya Pronin, Jie Yu, James Peach, Vinod > Kone, and Jiang Yan Xu. > > > Bugs: MESOS-7830 > https://issues.apache.org/jira/browse/MESOS-7830 > > > Repository: mesos > > > Description > ------- > > This bugfix addresses the issue from MESOS-7830. Basically, the > sandbox path volume ownership was not set correctly. This issue > can be exposed if a framework user is non-root while the agent > process runs as root. Then, the non-root user does not have > permissions to write to this volume. > > The correct solution should be giving permissions to corresponding > users by leveraging supplementary groups. But we can still > introduce a workaround in this patch by changing the ownership > of the sandbox path volume to its sandbox's ownership. > > > Diffs > ----- > > src/slave/containerizer/mesos/isolators/volume/sandbox_path.cpp > 6f7304d4aa40eb1b4815ffc1fec61f7e98291cba > > > Diff: https://reviews.apache.org/r/61120/diff/3/ > > > Testing > ------- > > make check > > > Thanks, > > Gilbert Song > >