You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@mesos.apache.org by "Jie Yu (JIRA)" <ji...@apache.org> on 2016/02/29 03:16:18 UTC
[jira] [Comment Edited] (MESOS-4757) Mesos containerizer should get
uid/gids before pivot_root.
[ https://issues.apache.org/jira/browse/MESOS-4757?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15171311#comment-15171311 ]
Jie Yu edited comment on MESOS-4757 at 2/29/16 2:16 AM:
--------------------------------------------------------
BTW, I tested my patch on OSX (EL Capitan, 10.11.3), and it works fine.
{noformat}
$ sudo sbin/mesos-master --work_dir=/tmp/mesos/master
$ sudo GLOG_v=1 sbin/mesos-slave --master=10.0.1.26:5050 --work_dir=/tmp/mesos/slave --executor_environment_variables="{}"
$ bin/mesos-execute --master=10.0.1.26:5050 --name=test --command="id" # under my name 'jie'
Registered executor on 10.0.1.26
Starting task test
sh -c 'id'
Forked command at 86930
uid=501(jie) gid=20(staff) groups=20(staff),701(com.apple.sharepoint.group.1),12(everyone),61(localaccounts),79(_appserverusr),80(admin),81(_appserveradm),98(_lpadmin),33(_appstore),100(_lpoperator),204(_developer),395(com.apple.access_ftp),398(com.apple.access_screensharing),399(com.apple.access_ssh)
Command exited with status 0 (pid: 86930)
Shutting down
Sending SIGTERM to process tree at pid 86930
Sent SIGTERM to the following process trees:
[
]
$ id
uid=501(jie) gid=20(staff) groups=20(staff),701(com.apple.sharepoint.group.1),12(everyone),61(localaccounts),79(_appserverusr),80(admin),81(_appserveradm),98(_lpadmin),33(_appstore),100(_lpoperator),204(_developer),395(com.apple.access_ftp),398(com.apple.access_screensharing),399(com.apple.access_ssh)
{noformat}
was (Author: jieyu):
BTW, I tested my patch on OSX (EL Capitan, 10.11.3), and it works fine.
{noformat}
$ sudo sbin/mesos-master --work_dir=/tmp/mesos/master
$ sudo GLOG_v=1 sbin/mesos-slave --master=10.0.1.26:5050 --work_dir=/tmp/mesos/slave --executor_environment_variables="{}"
$ bin/mesos-execute --master=10.0.1.26:5050 --name=test --command="id" # under my name 'jie'
Registered executor on 10.0.1.26
Starting task test
sh -c 'id'
Forked command at 86930
uid=501(jie) gid=20(staff) groups=20(staff),701(com.apple.sharepoint.group.1),12(everyone),61(localaccounts),79(_appserverusr),80(admin),81(_appserveradm),98(_lpadmin),33(_appstore),100(_lpoperator),204(_developer),395(com.apple.access_ftp),398(com.apple.access_screensharing),399(com.apple.access_ssh)
Command exited with status 0 (pid: 86930)
Shutting down
Sending SIGTERM to process tree at pid 86930
Sent SIGTERM to the following process trees:
[
]
$ id
uid=501(jie) gid=20(staff) groups=20(staff),701(com.apple.sharepoint.group.1),12(everyone),61(localaccounts),79(_appserverusr),80(admin),81(_appserveradm),98(_lpadmin),33(_appstore),100(_lpoperator),204(_developer),395(com.apple.access_ftp),398(com.apple.access_screensharing),399(com.apple.access_ssh)
> Mesos containerizer should get uid/gids before pivot_root.
> ----------------------------------------------------------
>
> Key: MESOS-4757
> URL: https://issues.apache.org/jira/browse/MESOS-4757
> Project: Mesos
> Issue Type: Bug
> Reporter: Jie Yu
> Assignee: Jie Yu
>
> Currently, we call os::su(user) after pivot_root. This is problematic because /etc/passwd and /etc/group might be missing in container's root filesystem. We should instead, get the uid/gids before pivot_root, and call setuid/setgroups after pivot_root.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)