mesos-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Till Toenshoff (JIRA)" <j...@apache.org>
Subject [jira] [Created] (MESOS-6747) ContainerLogger runnable must not inherit the slave environment.
Date Wed, 07 Dec 2016 17:52:58 GMT
Till Toenshoff created MESOS-6747:
-------------------------------------

             Summary: ContainerLogger runnable must not inherit the slave environment.
                 Key: MESOS-6747
                 URL: https://issues.apache.org/jira/browse/MESOS-6747
             Project: Mesos
          Issue Type: Bug
            Reporter: Till Toenshoff
            Priority: Blocker


The ContainerLogger module which forks a child process named "mesos-logrotate-logger" does
inherit the slave's environment. Specifically things like {{LIBPROCESS_SSL_....}} variables
are not meant to be picked up by that runnable and cause issues as soon as the owning user
is not the same as the one owning the agent process.
So if the agent has an SSL key setup via {{LIBPROCESS_SSL_KEY_FILE}} and if that key-file
is readable by the agent user (root) only, then the {{mesos-logrotate-logger}} will try to
read that file as well even though it is being run as nobody - that action will then fail
the runnable and hence fail the entire task.

{noformat}
Could not load key file '/my/funky/key/path/key.key' (OpenSSL error #33558541): error:0200100D:system
library:fopen:Permission denied
{noformat}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message