You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@mesos.apache.org by gi...@apache.org on 2017/08/17 08:22:32 UTC

[1/3] mesos git commit: Added MESOS-7652 to 1.3.2 CHANGELOG.

Repository: mesos
Updated Branches:
  refs/heads/1.3.x 08c431677 -> 7e42fcac2


Added MESOS-7652 to 1.3.2 CHANGELOG.


Project: http://git-wip-us.apache.org/repos/asf/mesos/repo
Commit: http://git-wip-us.apache.org/repos/asf/mesos/commit/7e42fcac
Tree: http://git-wip-us.apache.org/repos/asf/mesos/tree/7e42fcac
Diff: http://git-wip-us.apache.org/repos/asf/mesos/diff/7e42fcac

Branch: refs/heads/1.3.x
Commit: 7e42fcac2267d5d4cea2826de521bd280bbbe2f9
Parents: 736344b
Author: Gilbert Song <so...@gmail.com>
Authored: Wed Aug 16 21:51:56 2017 -0700
Committer: Gilbert Song <so...@gmail.com>
Committed: Thu Aug 17 01:20:21 2017 -0700

----------------------------------------------------------------------
 CHANGELOG | 1 +
 1 file changed, 1 insertion(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/mesos/blob/7e42fcac/CHANGELOG
----------------------------------------------------------------------
diff --git a/CHANGELOG b/CHANGELOG
index a3ba2a0..a8a1024 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -6,6 +6,7 @@ All Issues:
 ** Bug
   * [MESOS-6743] - Docker executor hangs forever if `docker stop` fails.
   * [MESOS-6950] - Launching two tasks with the same Docker image simultaneously may cause a staging dir never cleaned up.
+  * [MESOS-7652] - Docker image with universal containerizer does not work if WORKDIR is missing in the rootfs.
 
 
 Release Notes - Mesos - Version 1.3.1

[2/3] mesos git commit: Fixed mesos containerizer to support docker image WORKDIR missing.

Posted by gi...@apache.org.

Fixed mesos containerizer to support docker image WORKDIR missing.

Some docker image may have 'WORKDIR' set in its manifest but that
'WORKDIR' does not exist in the image rootfs (e.g., the workdir
is removed in the following dockerfile).

>From the reference of dockerfile, "If the WORKDIR doesn’t exist,
it will be created even if it’s not used in any subsequent
Dockerfile instruction". So we should create the working directory
if it does not exist in the image's rootfs.

Review: https://reviews.apache.org/r/61602


Project: http://git-wip-us.apache.org/repos/asf/mesos/repo
Commit: http://git-wip-us.apache.org/repos/asf/mesos/commit/736344b2
Tree: http://git-wip-us.apache.org/repos/asf/mesos/tree/736344b2
Diff: http://git-wip-us.apache.org/repos/asf/mesos/diff/736344b2

Branch: refs/heads/1.3.x
Commit: 736344b29fabac791c04be5a6f79c6a7f09a05e6
Parents: 10a0af0
Author: Gilbert Song <so...@gmail.com>
Authored: Fri Aug 11 17:52:18 2017 -0700
Committer: Gilbert Song <so...@gmail.com>
Committed: Thu Aug 17 01:20:21 2017 -0700

----------------------------------------------------------------------
 src/slave/containerizer/mesos/launch.cpp | 23 +++++++++++++++++++++++
 1 file changed, 23 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/mesos/blob/736344b2/src/slave/containerizer/mesos/launch.cpp
----------------------------------------------------------------------
diff --git a/src/slave/containerizer/mesos/launch.cpp b/src/slave/containerizer/mesos/launch.cpp
index 2308bac..c9d9165 100644
--- a/src/slave/containerizer/mesos/launch.cpp
+++ b/src/slave/containerizer/mesos/launch.cpp
@@ -561,6 +561,29 @@ int MesosContainerizerLaunch::execute()
 #endif // __WINDOWS__
 
   if (launchInfo.has_working_directory()) {
+    // If working directory does not exist (e.g., being removed from
+    // the container image), create an empty directory even it may
+    // not be used. Please note that this case can only be possible
+    // if an image has 'WORKDIR' specified in its manifest but that
+    // 'WORKDIR' does not exist in the image's rootfs.
+    //
+    // TODO(gilbert): Set the proper ownership to this working
+    // directory to make sure a specified non-root user has the
+    // permission to write to this working directory. Right now
+    // it is owned by root, and any non-root user will fail to
+    // write to this directory. Please note that this is identical
+    // to the semantic as docker daemon. The semantic can be
+    // verified by:
+    // 'docker run -ti -u nobody quay.io/spinnaker/front50:master bash'
+    // The ownership of '/workdir' is root. Creating any file under
+    // '/workdir' will fail for 'Permission denied'.
+    Try<Nothing> mkdir = os::mkdir(launchInfo.working_directory());
+    if (mkdir.isError()) {
+      cerr << "Failed to create working directory "
+           << "'" << launchInfo.working_directory() << "': "
+           << mkdir.error() << endl;
+    }
+
     Try<Nothing> chdir = os::chdir(launchInfo.working_directory());
     if (chdir.isError()) {
       cerr << "Failed to chdir into current working directory "

[3/3] mesos git commit: Change launcher working directory before dropping privilege.

Posted by gi...@apache.org.

Change launcher working directory before dropping privilege.

The launcher needs to change its working directory before dropping
privilege by switching users and installing capabilities, because
afterwards it might not have access to traverse to the desired
working directory.

Review: https://reviews.apache.org/r/59551/


Project: http://git-wip-us.apache.org/repos/asf/mesos/repo
Commit: http://git-wip-us.apache.org/repos/asf/mesos/commit/10a0af0a
Tree: http://git-wip-us.apache.org/repos/asf/mesos/tree/10a0af0a
Diff: http://git-wip-us.apache.org/repos/asf/mesos/diff/10a0af0a

Branch: refs/heads/1.3.x
Commit: 10a0af0a9c926b4b51f8d2d3f24d7c5882cb7a9d
Parents: 08c4316
Author: James Peach <jp...@apache.org>
Authored: Fri Jun 16 20:44:54 2017 -0700
Committer: Gilbert Song <so...@gmail.com>
Committed: Thu Aug 17 01:20:21 2017 -0700

----------------------------------------------------------------------
 src/slave/containerizer/mesos/launch.cpp | 20 ++++++++++----------
 1 file changed, 10 insertions(+), 10 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/mesos/blob/10a0af0a/src/slave/containerizer/mesos/launch.cpp
----------------------------------------------------------------------
diff --git a/src/slave/containerizer/mesos/launch.cpp b/src/slave/containerizer/mesos/launch.cpp
index d5da7af..2308bac 100644
--- a/src/slave/containerizer/mesos/launch.cpp
+++ b/src/slave/containerizer/mesos/launch.cpp
@@ -560,6 +560,16 @@ int MesosContainerizerLaunch::execute()
   }
 #endif // __WINDOWS__
 
+  if (launchInfo.has_working_directory()) {
+    Try<Nothing> chdir = os::chdir(launchInfo.working_directory());
+    if (chdir.isError()) {
+      cerr << "Failed to chdir into current working directory "
+           << "'" << launchInfo.working_directory() << "': "
+           << chdir.error() << endl;
+      exitWithStatus(EXIT_FAILURE);
+    }
+  }
+
 #ifndef __WINDOWS__
   // Change user if provided. Note that we do that after executing the
   // preparation commands so that those commands will be run with the
@@ -625,16 +635,6 @@ int MesosContainerizerLaunch::execute()
   }
 #endif // __linux__
 
-  if (launchInfo.has_working_directory()) {
-    Try<Nothing> chdir = os::chdir(launchInfo.working_directory());
-    if (chdir.isError()) {
-      cerr << "Failed to chdir into current working directory "
-           << "'" << launchInfo.working_directory() << "': "
-           << chdir.error() << endl;
-      exitWithStatus(EXIT_FAILURE);
-    }
-  }
-
   // Prepare the executable and the argument list for the child.
   string executable(launchInfo.command().shell()
     ? os::Shell::name