You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@mesos.apache.org by "Chun-Hung Hsiao (JIRA)" <ji...@apache.org> on 2018/07/03 22:38:00 UTC

[jira] [Created] (MESOS-9050) Mesos fetcher should use agent's credential to fetch artifacts.

Chun-Hung Hsiao created MESOS-9050:
--------------------------------------

             Summary: Mesos fetcher should use agent's credential to fetch artifacts.
                 Key: MESOS-9050
                 URL: https://issues.apache.org/jira/browse/MESOS-9050
             Project: Mesos
          Issue Type: Bug
          Components: containerization
            Reporter: Chun-Hung Hsiao


When launching a container, Mesos setuid to the task's credential before fetching the artifacts into the executor sandbox. However, if any directory in the sandbox path forbids 'x' mode for the task's credential, the fetcher won't be able to store the artifact into the sandbox, but instead get an {{EACCES}} from https://github.com/apache/mesos/blob/master/3rdparty/stout/include/stout/net.hpp#L214

We should use the agent's credential to fetch the artifacts, {{chown}} them, then setuid.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)