You are viewing a plain text version of this content. The canonical link for it is here.

Posted to reviews@aurora.apache.org by GitBox <gi...@apache.org> on 2018/08/21 17:45:11 UTC

[GitHub] StephanErb commented on issue #28: Fix sandbox permission errors with Mesos 1.6.0

StephanErb commented on issue #28:  Fix sandbox permission errors with Mesos 1.6.0 
URL: https://github.com/apache/aurora/pull/28#issuecomment-414761435
 
 
   Given our default Aurora and Thermos setup where the executor is launched as `root`:
   
   * In Mesos < 1.6: 
     * `/var/lib/mesos/slaves/x/frameworks/y/executors/z/runs/latest/` is owned by `root`
     *  permissions are `755`
   
   * In Mesos >= 1.6:
     * `/var/lib/mesos/slaves/x/frameworks/y/executors/z/runs/latest/` is owned by `root` 
     * permissions are now `750`
   
   With this change, we now let Thermos change the owner of `/var/lib/mesos/slaves/x/frameworks/y/executors/z/runs/latest/` to `role` but let the permissions unchanged. This matches the intend of Mesos that the sandbox should be read/writeable by the enduser processes and by nobody else.
   
   I have verified that this works in 1.5 and 1.6 by running the end-to-end tests with both versions. I therefore think that this is degrades gracefully as expected.

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
users@infra.apache.org


With regards,
Apache Git Services