Review Request 69542: Made non-root containers can access SANDBOX_PATH volume of PARENT type.

Qian Zhang Mon, 10 Dec 2018 09:14:21 -0800

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/69542/
-----------------------------------------------------------


Review request for mesos, Andrei Budnik, Gilbert Song, Greg Mann, Ilya Pronin, 
and Jie Yu.


Bugs: MESOS-8810
    https://issues.apache.org/jira/browse/MESOS-8810


Repository: mesos


Description
-------

If a nested container running as a non-root user tries to use a
SANDBOX_PATH volume of PARENT type, we will make sure the volume owned
by a unique gid allocated by the volume gid manager and the container
process launched with that gid as its supplementary group.


Diffs
-----

  include/mesos/slave/containerizer.proto 
5b4dcdda0f55ea3355c78d1447c7be9ca54d9dc9 
  src/slave/containerizer/mesos/containerizer.hpp 
3102b8755c1fa3b205081d0198c6021c02d15ec6 
  src/slave/containerizer/mesos/containerizer.cpp 
a5cf2da55c046c5c45e0c2ca3400f64de12de62b 
  src/slave/containerizer/mesos/isolators/volume/sandbox_path.hpp 
1631160236379f84c6e1ed1be1370b5f2f2fd563 
  src/slave/containerizer/mesos/isolators/volume/sandbox_path.cpp 
ecd467c5a33c2f41396bc72ddd7cb806bb8adc52 
  src/slave/containerizer/mesos/launch.cpp 
2f1c9e7a8748c9d7eab25bc8567ca68308e680f9 


Diff: https://reviews.apache.org/r/69542/diff/1/


Testing
-------


Thanks,

Qian Zhang

Review Request 69542: Made non-root containers can access SANDBOX_PATH volume of PARENT type.

Reply via email to