mesos-reviews mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mesos Reviewbot Windows <revi...@mesos.apache.org>
Subject Re: Review Request 64630: Narrowed task sandbox permissions from 0755 to 0750.
Date Mon, 08 Jan 2018 19:55:06 GMT

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/64630/#review194976
-----------------------------------------------------------



PASS: Mesos patch 64630 was successfully built and tested.

Reviews applied: `['64630']`

All the build artifacts available at: http://dcos-win.westus.cloudapp.azure.com/mesos-build/review/64630

- Mesos Reviewbot Windows


On Jan. 8, 2018, 6:11 p.m., James Peach wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/64630/
> -----------------------------------------------------------
> 
> (Updated Jan. 8, 2018, 6:11 p.m.)
> 
> 
> Review request for mesos, Andrew Schwartzmeyer, Ilya Pronin, Jie Yu, and Vinod Kone.
> 
> 
> Bugs: MESOS-8332
>     https://issues.apache.org/jira/browse/MESOS-8332
> 
> 
> Repository: mesos
> 
> 
> Description
> -------
> 
> Since task sandboxes can contain private data, we should not
> make them accessible to others by default. This changes all the
> places that create a task sandbox directory to use a helper API
> `slave::paths::createSandboxDirectory` that consistently deals
> with setting the directory mode and ownership.
> 
> A number of tests depended on the previous behavior where
> failing to change the ownership was logged but did not cause
> a failure. Depending on the test, these were updated to either
> disable the agent `switch_user` flag, or to specify the current
> user in the task launch message.
> 
> 
> Diffs
> -----
> 
>   src/slave/containerizer/mesos/containerizer.cpp cddc6173d17c8bd2585899b154f976c3822dffdd

>   src/slave/containerizer/mesos/paths.cpp d6ea618b20431ac95f880045143d09366f1740bf 
>   src/slave/http.cpp 71e0bbbc4aa20972509be77e19b4a99737fa6428 
>   src/slave/paths.hpp 05f826a2bc857509956aae2a82052fe91d1cfe55 
>   src/slave/paths.cpp 9f8ee391dec0472b6db1840bad691b4ef024ce9c 
>   src/tests/api_tests.cpp 28d46436b9c2fe85bde5bc8def7a840b72d29de3 
>   src/tests/master_allocator_tests.cpp 9bca27c7612b9ac4813f794bcc9ed38aeed078e5 
>   src/tests/master_authorization_tests.cpp 676543a5ad1bb5d47011fc2a8b05dfaaeef18c64 
>   src/tests/slave_authorization_tests.cpp 4ba0b8e96614a2df0daec576c08fe02462ccaa27 
> 
> 
> Diff: https://reviews.apache.org/r/64630/diff/2/
> 
> 
> Testing
> -------
> 
> make check (Fedora 27)
> 
> 
> Thanks,
> 
> James Peach
> 
>


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message