Posted to issues@mesos.apache.org by "Chun-Hung Hsiao (JIRA)" <ji...@apache.org> on 2018/07/03 22:38:00 UTC
[jira] [Created] (MESOS-9050) Mesos fetcher should use agent's
credential to fetch artifacts.
Chun-Hung Hsiao created MESOS-9050:
--------------------------------------
Summary: Mesos fetcher should use agent's credential to fetch artifacts.
Key: MESOS-9050
URL: https://issues.apache.org/jira/browse/MESOS-9050
Project: Mesos
Issue Type: Bug
Components: containerization
Reporter: Chun-Hung Hsiao
When launching a container, Mesos setuids to the task's credential before fetching the artifacts into the executor sandbox. However, if any directory in the sandbox path forbids 'x' mode for the task's credential, the fetcher won't be able to store the artifact into the sandbox, but will instead get an {{EACCES}} from https://github.com/apache/mesos/blob/master/3rdparty/stout/include/stout/net.hpp#L214
We should use the agent's credential to fetch the artifacts, {{chown}} them, then setuid.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
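To diagnose the failure described in this issue, the following added example (not Mesos code and not part of the original report) walks a sandbox path and lists the directories a task user cannot traverse. It assumes classic POSIX mode bits only (no ACLs, capabilities, or LSM policy); the directory names and the task uid are constructed for illustration.

```python
import os
import stat
import tempfile

def can_search(st, uid, gids):
    """True if uid/gids get 'x' (search) on a directory with stat result st.

    POSIX mode-bit order: owner class, else group class, else other.
    """
    if uid == 0:                       # root bypasses directory search checks
        return True
    if uid == st.st_uid:
        return bool(st.st_mode & stat.S_IXUSR)
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IXGRP)
    return bool(st.st_mode & stat.S_IXOTH)

def blocking_dirs(start, sandbox, uid, gids):
    """Directories from start down to sandbox that uid cannot traverse.

    Any entry here makes a write into the sandbox fail with EACCES once
    the process has switched to uid.
    """
    start, sandbox = os.path.realpath(start), os.path.realpath(sandbox)
    if os.path.commonpath([start, sandbox]) != start:
        raise ValueError("sandbox must be inside start")
    chain = [start]
    rel = os.path.relpath(sandbox, start)
    for part in (p for p in rel.split(os.sep) if p != "."):
        chain.append(os.path.join(chain[-1], part))
    return [d for d in chain if not can_search(os.stat(d), uid, gids)]

def build_demo_tree():
    """Constructed sample: work_dir/restricted/run/sandbox, 'restricted' at 0700."""
    work_dir = os.path.realpath(tempfile.mkdtemp(prefix="agent_work_dir_"))
    sandbox = os.path.join(work_dir, "restricted", "run", "sandbox")
    os.makedirs(sandbox)
    for d in (work_dir, os.path.dirname(sandbox), sandbox):
        os.chmod(d, 0o755)
    os.chmod(os.path.join(work_dir, "restricted"), 0o700)
    return work_dir, sandbox

if __name__ == "__main__":
    work_dir, sandbox = build_demo_tree()
    owner = os.stat(work_dir)
    task_uid = owner.st_uid + 1        # hypothetical task user, not the owner
    for d in blocking_dirs(work_dir, sandbox, task_uid, {owner.st_gid + 1}):
        print("no search permission for task user:", d)
```

Run against a real agent work directory with the task's uid and group ids, an empty result means the path is traversable under mode bits alone.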