Uploaded image for project: 'Mesos'
  1. Mesos
  2. MESOS-6391

Command task's sandbox should not be owned by root if it uses container image.

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Resolved
    • Blocker
    • Resolution: Fixed
    • 0.28.2, 1.0.1
    • 1.0.2, 1.1.0
    • None

    Description

      Currently, if the task defines a container image, the command executor will be run under root because it needs to perform pivot_root.

      That means if the task wants to run under an unprivileged user, the sandbox of that task will not be writable because it's owned by root.

      Attachments

        Activity

          People

            jieyu Jie Yu
            jieyu Jie Yu
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: