  1. Mesos
  2. MESOS-5856

Logrotate ContainerLogger module does not rotate logs when run as root with `--switch_user`.


Details

    • Mesosphere Sprint 44, Mesosphere Sprint 45, Mesosphere Sprint 46, Mesosphere Sprint 47

    Description

      The logrotate ContainerLogger module runs as the agent's user. In most cases, this is root.

      When logrotate is run as root, there is an additional check the configuration files must pass (because a root logrotate needs to be secured against non-root modifications to the configuration):
      https://github.com/logrotate/logrotate/blob/fe80cb51a2571ca35b1a7c8ba0695db5a68feaba/config.c#L807-L815

      Log rotation will fail under the following scenario:
      1) The agent is run with --switch_user (default: true)
      2) A task is launched with a non-root user specified
      3) The logrotate module spawns a few companion processes (as root) and this creates the stdout, stderr, stdout.logrotate.conf, and stderr.logrotate.conf files (as root). This step races with the next step.
      4) The Mesos containerizer and Fetcher will chown the task's sandbox to the non-root user, including the files just created.
      5) When logrotate is run, it will skip any non-root configuration files. This means the files are not rotated.


      Fix: The logrotate module's companion processes should call setuid and setgid.
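
A sandbox audit for the condition in step 5, added here as an example and not taken from Mesos or logrotate: it flags `stdout.logrotate.conf` and `stderr.logrotate.conf` files that a root-run logrotate would skip because root does not own them. The `owner_of` hook and the uid 1000 in the constructed demo are assumptions for illustration.

```python
import os
import tempfile
from pathlib import Path

# File names the issue says the module's companion processes create.
CONF_NAMES = ("stdout.logrotate.conf", "stderr.logrotate.conf")
ROOT_UID = 0


def skipped_by_logrotate(conf_uid, logrotate_uid):
    """Model of the behaviour described in the issue: a logrotate running as
    root ignores configuration files that root does not own."""
    return logrotate_uid == ROOT_UID and conf_uid != ROOT_UID


def audit_sandbox(sandbox, logrotate_uid, owner_of=None):
    """Return {path: owner_uid} for logrotate configs that would be skipped.

    owner_of is a hypothetical hook (path -> uid) so the check can be run
    against constructed data; by default the real owner is read with lstat.
    """
    if owner_of is None:
        # lstat reports on the entry itself and does not follow symlinks.
        owner_of = lambda path: os.lstat(path).st_uid
    findings = {}
    for dirpath, _dirs, files in os.walk(sandbox):
        for name in files:
            if name not in CONF_NAMES:
                continue
            path = os.path.join(dirpath, name)
            owner = owner_of(path)
            if skipped_by_logrotate(owner, logrotate_uid):
                findings[path] = owner
    return findings


def constructed_demo():
    """Constructed sandbox: the four files from step 3 exist and, as after the
    chown in step 4, are reported as owned by a made-up task user (uid 1000)."""
    with tempfile.TemporaryDirectory() as sandbox:
        for name in CONF_NAMES + ("stdout", "stderr"):
            Path(sandbox, name).write_text("")
        found = audit_sandbox(sandbox, ROOT_UID, owner_of=lambda path: 1000)
        return sorted(os.path.basename(p) for p in found)


if __name__ == "__main__":
    print(constructed_demo())
```
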


            People

              sivaramsk Sivaram Kannan
              kaysoky Joseph Wu
              Joseph Wu Joseph Wu
