Posted to commits@mesos.apache.org by gi...@apache.org on 2019/08/08 23:57:12 UTC

[mesos] 01/03: Added a new agent flag --allow_chown_docker_volume.

This is an automated email from the ASF dual-hosted git repository.

gilbert pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/mesos.git

commit ab748689a637db395da985cd2991659a56d197d4
Author: Gilbert Song <so...@gmail.com>
AuthorDate: Wed Aug 7 16:40:20 2019 -0700

    Added a new agent flag --allow_chown_docker_volume.
    
    Review: https://reviews.apache.org/r/71247
---
 docs/configuration/agent.md | 12 ++++++++++++
 src/slave/flags.cpp         |  8 ++++++++
 src/slave/flags.hpp         |  1 +
 3 files changed, 21 insertions(+)

diff --git a/docs/configuration/agent.md b/docs/configuration/agent.md
index 325a37e..760d22b 100644
--- a/docs/configuration/agent.md
+++ b/docs/configuration/agent.md
@@ -795,6 +795,18 @@ volumes that each container uses.
   </td>
 </tr>
 
+<tr id="docker_volume_chown">
+  <td>
+    --[no-]docker_volume_chown
+  </td>
+  <td>
+Whether to chown the docker volume's mount point non-recursively
+to the container user. Please notice that this flag is not recommended
+to turn on if there is any docker volume shared by multiple non-root
+users. By default, this flag is off. (default: false)
+  </td>
+</tr>
+
 <tr id="enforce_container_disk_quota">
   <td>
     --[no-]enforce_container_disk_quota
diff --git a/src/slave/flags.cpp b/src/slave/flags.cpp
index 08ec20b..50b09cf 100644
--- a/src/slave/flags.cpp
+++ b/src/slave/flags.cpp
@@ -224,6 +224,14 @@ mesos::internal::slave::Flags::Flags()
       "volumes that each container uses.",
       "/var/run/mesos/isolators/docker/volume");
 
+  add(&Flags::docker_volume_chown,
+      "docker_volume_chown",
+      "Whether to chown the docker volume's mount point non-recursively\n"
+      "to the container user. Please notice that this flag is not recommended\n"
+      "to turn on if there is any docker volume shared by multiple non-root\n"
+      "users. By default, this flag is off.\n",
+      false);
+
   add(&Flags::docker_ignore_runtime,
       "docker_ignore_runtime",
       "Ignore any runtime configuration specified in the Docker image. The\n"
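Review bot: The help text for `docker_volume_chown` warns against enabling the flag when a docker volume is shared by multiple non-root users, but it never says what goes wrong, so an operator cannot judge the risk. Presumably the mount point ends up owned by whichever container user was launched most recently, which changes access for every other user of that volume; if that is the behaviour, state it, e.g. `"to the container user. If a volume is shared by several non-root users,\n"` followed by `"its mount point is re-owned by the most recently launched one."`. The string also ends in a trailing `\n`, unlike the preceding flag's help text in this hunk. The registered name differs from the `--allow_chown_docker_volume` given in the commit title, which makes the flag harder to find from the log. The constructor body starts and ends outside the hunk.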
diff --git a/src/slave/flags.hpp b/src/slave/flags.hpp
index 01834f4..3c5ffca 100644
--- a/src/slave/flags.hpp
+++ b/src/slave/flags.hpp
@@ -60,6 +60,7 @@ public:
   std::string docker_registry;
   std::string docker_store_dir;
   std::string docker_volume_checkpoint_dir;
+  bool docker_volume_chown;
   bool docker_ignore_runtime;
 
   std::string default_role;