Posted to commits@mesos.apache.org by gi...@apache.org on 2017/08/17 08:22:33 UTC

[2/3] mesos git commit: Fixed mesos containerizer to support docker image WORKDIR missing.

Fixed mesos containerizer to support docker image WORKDIR missing.

Some docker images may have 'WORKDIR' set in their manifest but that
'WORKDIR' does not exist in the image rootfs (e.g., the workdir
is removed in the following dockerfile).

From the reference of dockerfile, "If the WORKDIR doesn’t exist,
it will be created even if it’s not used in any subsequent
Dockerfile instruction". So we should create the working directory
if it does not exist in the image's rootfs.

Review: https://reviews.apache.org/r/61602


Project: http://git-wip-us.apache.org/repos/asf/mesos/repo
Commit: http://git-wip-us.apache.org/repos/asf/mesos/commit/736344b2
Tree: http://git-wip-us.apache.org/repos/asf/mesos/tree/736344b2
Diff: http://git-wip-us.apache.org/repos/asf/mesos/diff/736344b2

Branch: refs/heads/1.3.x
Commit: 736344b29fabac791c04be5a6f79c6a7f09a05e6
Parents: 10a0af0
Author: Gilbert Song <so...@gmail.com>
Authored: Fri Aug 11 17:52:18 2017 -0700
Committer: Gilbert Song <so...@gmail.com>
Committed: Thu Aug 17 01:20:21 2017 -0700

----------------------------------------------------------------------
 src/slave/containerizer/mesos/launch.cpp | 23 +++++++++++++++++++++++
 1 file changed, 23 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/mesos/blob/736344b2/src/slave/containerizer/mesos/launch.cpp
----------------------------------------------------------------------
diff --git a/src/slave/containerizer/mesos/launch.cpp b/src/slave/containerizer/mesos/launch.cpp
index 2308bac..c9d9165 100644
--- a/src/slave/containerizer/mesos/launch.cpp
+++ b/src/slave/containerizer/mesos/launch.cpp
@@ -561,6 +561,29 @@ int MesosContainerizerLaunch::execute()
 #endif // __WINDOWS__
 
   if (launchInfo.has_working_directory()) {
+    // If working directory does not exist (e.g., being removed from
+    // the container image), create an empty directory even it may
+    // not be used. Please note that this case can only be possible
+    // if an image has 'WORKDIR' specified in its manifest but that
+    // 'WORKDIR' does not exist in the image's rootfs.
+    //
+    // TODO(gilbert): Set the proper ownership to this working
+    // directory to make sure a specified non-root user has the
+    // permission to write to this working directory. Right now
+    // it is owned by root, and any non-root user will fail to
+    // write to this directory. Please note that this is identical
+    // to the semantic as docker daemon. The semantic can be
+    // verified by:
+    // 'docker run -ti -u nobody quay.io/spinnaker/front50:master bash'
+    // The ownership of '/workdir' is root. Creating any file under
+    // '/workdir' will fail for 'Permission denied'.
+    Try<Nothing> mkdir = os::mkdir(launchInfo.working_directory());
+    if (mkdir.isError()) {
+      cerr << "Failed to create working directory "
+           << "'" << launchInfo.working_directory() << "': "
+           << mkdir.error() << endl;
+    }
+
     Try<Nothing> chdir = os::chdir(launchInfo.working_directory());
     if (chdir.isError()) {
       cerr << "Failed to chdir into current working directory "
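Review bot: In the new `if (mkdir.isError())` block the failure is only written to cerr and execution falls through to `os::chdir(launchInfo.working_directory())`, so a failed create produces two error lines for one cause and the real handling is deferred to the chdir branch. Consider handling the failure in this block the same way the chdir branch does, or say in the comment that the fall-through is intentional. The call is also unconditional although the comment says "if working directory does not exist", so it relies on `os::mkdir` treating an existing directory as success; that is worth stating. Since the path comes from the image manifest and the directory is created owned by root (per the TODO), the comment should also say which filesystem root this call runs against. Minor: "even it may" should read "even if it may".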