You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@mesos.apache.org by "Benno Evers (JIRA)" <ji...@apache.org> on 2019/04/05 13:23:00 UTC

[jira] [Commented] (MESOS-8257) Unified Containerizer "leaks" a target container mount path to the host FS when the target resolves to an absolute path

    [ https://issues.apache.org/jira/browse/MESOS-8257?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16810819#comment-16810819 ] 

Benno Evers commented on MESOS-8257:
------------------------------------

I removed the 1.8.0 target designation here and in the linked ticket since it looks like there hasn't been any recent activity here, please feel free to revert as you see fit.

> Unified Containerizer "leaks" a target container mount path to the host FS when the target resolves to an absolute path
> -----------------------------------------------------------------------------------------------------------------------
>
>                 Key: MESOS-8257
>                 URL: https://issues.apache.org/jira/browse/MESOS-8257
>             Project: Mesos
>          Issue Type: Bug
>          Components: containerization
>    Affects Versions: 1.3.1, 1.4.1, 1.5.0
>            Reporter: Jason Lai
>            Assignee: Jason Lai
>            Priority: Critical
>              Labels: bug, containerization, containerizer, mountpath
>
> If a target path under the root FS provisioned from an image resolves to an absolute path, it will not appear in the container root FS after {{pivot_root(2)}} is called.
> A typical example is that when the target path is under {{/var/run}} (e.g. {{/var/run/some-dir}}), which is usually a symlink to an absolute path of {{/run}} in Debian images, the target path will get resolved as and created at {{/run/some-dir}} in the host root FS, after the container root FS gets provisioned. The target path will get unmounted after {{pivot_root(2)}} as it is part of the old root (host FS).
> A workaround is to use {{/run}} instead of {{/var/run}}, but absolute symlinks need to be resolved within the scope of the container root FS path.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)