Posted to commits@mesos.apache.org by gi...@apache.org on 2017/07/28 19:28:19 UTC
[4/4] mesos git commit: Added regression test for sandbox volume
ownership issue.
Added regression test for sandbox volume ownership issue.
Added regression test for sandbox volume ownership issue.
Review: https://reviews.apache.org/r/61123/
Project: http://git-wip-us.apache.org/repos/asf/mesos/repo
Commit: http://git-wip-us.apache.org/repos/asf/mesos/commit/8edfbaaf
Tree: http://git-wip-us.apache.org/repos/asf/mesos/tree/8edfbaaf
Diff: http://git-wip-us.apache.org/repos/asf/mesos/diff/8edfbaaf
Branch: refs/heads/master
Commit: 8edfbaaf49c0b09ed02bd07334fb65b29d088a40
Parents: b5efb91
Author: Gilbert Song <so...@gmail.com>
Authored: Fri Jul 28 12:27:58 2017 -0700
Committer: Gilbert Song <so...@gmail.com>
Committed: Fri Jul 28 12:27:58 2017 -0700
----------------------------------------------------------------------
.../linux_filesystem_isolator_tests.cpp | 61 ++++++++++++++++++++
1 file changed, 61 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/mesos/blob/8edfbaaf/src/tests/containerizer/linux_filesystem_isolator_tests.cpp
----------------------------------------------------------------------
diff --git a/src/tests/containerizer/linux_filesystem_isolator_tests.cpp b/src/tests/containerizer/linux_filesystem_isolator_tests.cpp
index 457311e..f9cab2f 100644
--- a/src/tests/containerizer/linux_filesystem_isolator_tests.cpp
+++ b/src/tests/containerizer/linux_filesystem_isolator_tests.cpp
@@ -239,6 +239,67 @@ TEST_F(LinuxFilesystemIsolatorTest, ROOT_VolumeFromSandbox)
}
+// This is a regression test for MESOS-5187. It is a ROOT test to
+// simulate the scenario that the framework user is non-root while
+// the agent process is root, to make sure that non-root user can
+// still have the permission to write to the volume as expected.
+TEST_F(LinuxFilesystemIsolatorTest, ROOT_SandboxVolumeOwnership)
+{
+ string registry = path::join(sandbox.get(), "registry");
+ AWAIT_READY(DockerArchive::create(registry, "test_image"));
+
+ slave::Flags flags = CreateSlaveFlags();
+ flags.isolation = "filesystem/linux,docker/runtime";
+ flags.docker_registry = registry;
+ flags.docker_store_dir = path::join(sandbox.get(), "store");
+ flags.image_providers = "docker";
+
+ Fetcher fetcher(flags);
+
+ Try<MesosContainerizer*> create =
+ MesosContainerizer::create(flags, true, &fetcher);
+
+ ASSERT_SOME(create);
+
+ Owned<Containerizer> containerizer(create.get());
+
+ ContainerID containerId;
+ containerId.set_value(UUID::random().toString());
+
+ ExecutorInfo executor = createExecutorInfo(
+ "test_executor",
+ "echo abc > /tmp/file");
+
+ executor.mutable_container()->CopyFrom(createContainerInfo(
+ "test_image",
+ {createVolumeFromHostPath("/tmp", "tmp", Volume::RW)}));
+
+ string directory = path::join(flags.work_dir, "sandbox");
+ ASSERT_SOME(os::mkdir(directory));
+
+ // Simulate the executor sandbox ownership as the user
+ // from FrameworkInfo.
+ ASSERT_SOME(os::chown("nobody", directory));
+
+ Future<bool> launch = containerizer->launch(
+ containerId,
+ createContainerConfig(None(), executor, directory, "nobody"),
+ map<string, string>(),
+ None());
+
+ AWAIT_READY(launch);
+
+ Future<Option<ContainerTermination>> wait = containerizer->wait(containerId);
+
+ AWAIT_READY(wait);
+ ASSERT_SOME(wait.get());
+ ASSERT_TRUE(wait->get().has_status());
+ EXPECT_WEXITSTATUS_EQ(0, wait->get().status());
+
+ EXPECT_SOME_EQ("abc\n", os::read(path::join(directory, "tmp", "file")));
+}
+
+
// This test verifies that a volume with an absolute host path as
// well as an absolute container path is properly mounted in the
// container's mount namespace.
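Review bot: The closing assertions of ROOT_SandboxVolumeOwnership (exit status 0 and the contents of `tmp/file`) only prove that the write succeeded, so they would still pass if the host-side volume directory were made writable by an over-permissive route such as a world-writable mode, rather than by giving it the sandbox owner's uid. Since the test is named for ownership, it should pin that property directly after the `wait` checks, for example `Result<uid_t> uid = os::getuid("nobody"); ASSERT_SOME(uid);` followed by `EXPECT_SOME_EQ(uid.get(), os::stat::uid(path::join(directory, "tmp")));`, and ideally also check via `os::stat::mode` that the directory is not writable by others. The literal `"nobody"` appears both in the `os::chown` call and in `createContainerConfig`; a single local `const string user = "nobody";` would keep the two from drifting apart. A short comment noting that the test presumes this account exists on the host would also explain an `ASSERT_SOME(os::chown(...))` failure on machines without it.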