Posted to issues@mesos.apache.org by "Jie Yu (JIRA)" <ji...@apache.org> on 2018/01/09 18:15:00 UTC
[jira] [Updated] (MESOS-8356) Persistent volume ownership is set to
root despite of sandbox owner (frameworkInfo.user) when docker executor is
used
[ https://issues.apache.org/jira/browse/MESOS-8356?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jie Yu updated MESOS-8356:
--------------------------
Affects Version/s: 1.4.1
> Persistent volume ownership is set to root despite of sandbox owner (frameworkInfo.user) when docker executor is used
> ---------------------------------------------------------------------------------------------------------------------
>
> Key: MESOS-8356
> URL: https://issues.apache.org/jira/browse/MESOS-8356
> Project: Mesos
> Issue Type: Bug
> Affects Versions: 1.4.1
> Environment: Centos 7, Mesos 1.4.1, Docker Engine 1.13
> Reporter: Konstantin Kalin
> Assignee: Jie Yu
> Labels: persistent-volumes
>
> PersistentVolume ownership is not set to match the sandbox user when the docker executor is used. Looks like the issue was introduced by https://reviews.apache.org/r/45963/
> I didn't check the universal containerizer yet.
> As far as I understand, the following code is supposed to check that a volume is not already being used by other tasks/containers.
> src/slave/containerizer/docker.cpp
> {code:java}
> foreachvalue (const Container* container, containers_) {
>   if (container->resources.contains(resource)) {
>     isVolumeInUse = true;
>     break;
>   }
> }
> {code}
> But it doesn't exclude a container to be launched (in my case I have only one container - no group of tasks). Thus the ownership of PersistentVolume stays "root" (I run mesos-agent under root) and it's impossible to use the volume inside the container. We always run processes inside Docker containers under an unprivileged user.
> Making a small patch to exclude the container to launch fixes the issue.
> {code:java}
> foreachvalue (const Container* container, containers_) {
>   if (container->resources.contains(resource) &&
>       containerId != container->id) {
>     isVolumeInUse = true;
>     break;
>   }
> }
> {code}
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)