mesos-issues mailing list archives

From "Adam B (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (MESOS-7208) Persistent volume ownership is set to root when task is running with non-root user
Date Wed, 08 Mar 2017 03:32:38 GMT

     [ https://issues.apache.org/jira/browse/MESOS-7208?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Adam B updated MESOS-7208:
--------------------------
    Affects Version/s: 1.2.0

> Persistent volume ownership is set to root when task is running with non-root user
> ----------------------------------------------------------------------------------
>
>                 Key: MESOS-7208
>                 URL: https://issues.apache.org/jira/browse/MESOS-7208
>             Project: Mesos
>          Issue Type: Bug
>          Components: containerization
>    Affects Versions: 1.0.2, 1.1.0, 1.2.0
>            Reporter: Nikolay Ustinov
>            Assignee: Gilbert Song
>            Priority: Critical
>              Labels: user
>
> I'm running a Docker container in the universal containerizer, Mesos 1.1.0, switch_user=true, isolator=filesystem/linux,docker/runtime. The container is launched with Marathon, "user":"someappuser". I'd like to use a persistent volume, but it's exposed to the container with root user permissions even if the root folder is created with someappuser ownership (it looks like Mesos does a chown on this folder).
> Here are the logs for my container:
> {code}
> I0305 22:51:36.414655 10175 slave.cpp:1701] Launching task 'md_hdfs_journal.23f813ab-01dd-11e7-a012-0242ce94d92a' for framework e9d0e39e-b67d-4142-b95d-b0987998eb92-0000
> I0305 22:51:36.415118 10175 paths.cpp:536] Trying to chown '/export/intssd/mesos-slave/workdir/slaves/85150805-a201-4b23-ab21-b332a458fc97-S10/frameworks/e9d0e39e-b67d-4142-b95d-b0987998eb92-0000/executors/md_hdfs_journal.23f813ab-01dd-11e7-a012-0242ce94d92a/runs/e978d4eb-5ec1-44ad-b50a-9ae6bfe1065a' to user 'root'
> I0305 22:51:36.422992 10175 slave.cpp:6179] Launching executor 'md_hdfs_journal.23f813ab-01dd-11e7-a012-0242ce94d92a' of framework e9d0e39e-b67d-4142-b95d-b0987998eb92-0000 with resources cpus(*):0.1; mem(*):32 in work directory '/export/intssd/mesos-slave/workdir/slaves/85150805-a201-4b23-ab21-b332a458fc97-S10/frameworks/e9d0e39e-b67d-4142-b95d-b0987998eb92-0000/executors/md_hdfs_journal.23f813ab-01dd-11e7-a012-0242ce94d92a/runs/e978d4eb-5ec1-44ad-b50a-9ae6bfe1065a'
> I0305 22:51:36.424278 10175 slave.cpp:1987] Queued task 'md_hdfs_journal.23f813ab-01dd-11e7-a012-0242ce94d92a' for executor 'md_hdfs_journal.23f813ab-01dd-11e7-a012-0242ce94d92a' of framework e9d0e39e-b67d-4142-b95d-b0987998eb92-0000
> I0305 22:51:36.424347 10158 docker.cpp:1000] Skipping non-docker container
> I0305 22:51:36.425639 10142 containerizer.cpp:938] Starting container e978d4eb-5ec1-44ad-b50a-9ae6bfe1065a for executor 'md_hdfs_journal.23f813ab-01dd-11e7-a012-0242ce94d92a' of framework e9d0e39e-b67d-4142-b95d-b0987998eb92-0000
> I0305 22:51:36.428725 10166 provisioner.cpp:294] Provisioning image rootfs '/export/intssd/mesos-slave/workdir/provisioner/containers/e978d4eb-5ec1-44ad-b50a-9ae6bfe1065a/backends/copy/rootfses/0e2181e9-1bf2-42d4-8cb0-ee70e466c3ae' for container e978d4eb-5ec1-44ad-b50a-9ae6bfe1065a
> I0305 22:51:42.981240 10149 linux.cpp:695] Changing the ownership of the persistent volume at '/export/intssd/mesos-slave/data/volumes/roles/general_marathon_service_role/md_hdfs_journal#data#23f813aa-01dd-11e7-a012-0242ce94d92a' with uid 0 and gid 0
> I0305 22:51:42.986593 10136 linux_launcher.cpp:421] Launching container e978d4eb-5ec1-44ad-b50a-9ae6bfe1065a and cloning with namespaces CLONE_NEWNS
> {code}
> {code}
> ls -la /export/intssd/mesos-slave/workdir/slaves/85150805-a201-4b23-ab21-b332a458fc97-S10/frameworks/e9d0e39e-b67d-4142-b95d-b0987998eb92-0000/executors/md_hdfs_journal.23f813ab-01dd-11e7-a012-0242ce94d92a/runs/e978d4eb-5ec1-44ad-b50a-9ae6bfe1065a/
> drwxr-xr-x 3 someappuser someappgroup   4096 22:51 .
> drwxr-xr-x 3 root     root            4096 22:51 ..
> drwxr-xr-x 2 root     root            4096 22:51 data
> -rw-r--r-- 1 root     root             169 22:51 stderr
> -rw-r--r-- 1 root     root          183012 23:00 stdout
> {code}



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
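
A check for the symptom reported above, as an added example (not part of the original message and not Mesos code): it scans agent log lines for the `linux.cpp` "Changing the ownership of the persistent volume" record and reports volumes chowned to a uid other than the one the task is expected to run as. The sample lines, the paths, the uids 1001/1002 and the app-to-uid mapping are constructed assumptions; the function names are hypothetical.

```python
import os
import re

# glog prefix as in the quoted agent log: "I0305 22:51:42.981240 10149 linux.cpp:695] "
PREFIX = re.compile(r"^[IWEF]\d{4} \d{2}:\d{2}:\d{2}\.\d+\s+\d+ [\w.]+:\d+\] ")
CHOWN = re.compile(
    r"Changing the ownership of the persistent volume at '(?P<path>[^']+)' "
    r"with uid (?P<uid>\d+) and gid (?P<gid>\d+)"
)

def unwrap(lines):
    """Rejoin records wrapped by a mail archive: a line without a glog
    prefix is treated as the continuation of the previous record."""
    records = []
    for raw in lines:
        line = raw.lstrip("> ").rstrip()
        if PREFIX.match(line) or not records:
            records.append(line)
        elif line:
            records[-1] += " " + line
    return records

def volume_chowns(lines):
    """Return (volume_path, uid, gid) for every persistent-volume chown logged."""
    hits = (CHOWN.search(rec) for rec in unwrap(lines))
    return [(m["path"], int(m["uid"]), int(m["gid"])) for m in hits if m]

def mismatches(lines, expected_uid):
    """expected_uid maps an app id to the uid its task should run as (supplied
    by the operator; an assumption). The app id is taken as the text before the
    first '#' in the volume directory name, the shape seen in the log above."""
    found = []
    for path, uid, gid in volume_chowns(lines):
        app = os.path.basename(path).split("#", 1)[0]
        if app in expected_uid and uid != expected_uid[app]:
            found.append((app, path, uid, gid))
    return found

# Constructed sample, wrapped and ">"-quoted like an archived message.
SAMPLE = """\
> I0305 22:51:42.981240 10149 linux.cpp:695] Changing the ownership of the persistent volume
at '/var/lib/mesos/volumes/roles/example_role/app_a#data#0001'
with uid 0 and gid 0
> I0305 22:51:43.100000 10149 linux.cpp:695] Changing the ownership of the persistent volume
at '/var/lib/mesos/volumes/roles/example_role/app_b#data#0002' with uid 1002 and gid 1002
> I0305 22:51:43.200000 10136 linux_launcher.cpp:421] Launching container c1
""".splitlines()
```

Calling `mismatches(SAMPLE, {"app_a": 1001, "app_b": 1002})` reports only `app_a`, whose volume was chowned to 0:0.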
