Description
PersistentVolume ownership is not set to match the sandbox user when the docker executor is used. Looks like the issue was introduced by https://reviews.apache.org/r/45963/
I didn't check the universal containerizer yet.
As far as I understand, the following code is supposed to check that a volume is not already being used by other tasks/containers.
src/slave/containerizer/docker.cpp
foreachvalue (const Container* container, containers_) {
  if (container->resources.contains(resource)) {
    isVolumeInUse = true;
    break;
  }
}
But it doesn't exclude the container to be launched (in my case I have only one container, no group of tasks). Thus the ownership of the PersistentVolume stays "root" (I run mesos-agent as root) and it's impossible to use the volume inside the container. We always run processes inside Docker containers under an unprivileged user.
Making a small patch to exclude the container being launched fixes the issue.
foreachvalue (const Container* container, containers_) {
  if (container->resources.contains(resource) &&
      containerId != container->id) {
    isVolumeInUse = true;
    break;
  }
}
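A simplified stand-alone model of the check described in this report, added here as an example; it is not Mesos source code or the reporter's patch. The types `Container` and `Containers`, the functions, and the names `c1`, `c2`, `vol-1` and `app` are hypothetical, and it assumes the container being launched is already registered when the check runs and that an in-use volume keeps its current owner.

```cpp
// Simplified model, not Mesos code: Container, Containers and all functions
// below are hypothetical stand-ins for the agent's bookkeeping.
#include <iostream>
#include <map>
#include <set>
#include <string>

struct Container {
  std::string id;
  std::set<std::string> resources;  // ids of persistent volumes held
};
using Containers = std::map<std::string, Container>;

// Check as quoted in the report: the container being launched matches itself.
bool inUseOriginal(const Containers& cs, const std::string& volume) {
  for (const auto& kv : cs)
    if (kv.second.resources.count(volume) > 0) return true;
  return false;
}

// Check with the reporter's change: the container being launched is skipped.
bool inUsePatched(const Containers& cs, const std::string& volume,
                  const std::string& launching) {
  for (const auto& kv : cs)
    if (kv.second.resources.count(volume) > 0 && kv.first != launching)
      return true;
  return false;
}

// Assumed behaviour: ownership moves to the sandbox user only when the volume
// is not considered in use; otherwise the current owner is kept.
std::string ownerAfterLaunch(bool inUse, const std::string& current,
                             const std::string& sandboxUser) {
  return inUse ? current : sandboxUser;
}

// Constructed scenario: c1 is being launched and is already registered;
// with withPeer, a second container c2 holds the same volume.
Containers scenario(bool withPeer) {
  Containers cs;
  cs["c1"] = Container{"c1", {"vol-1"}};
  if (withPeer) cs["c2"] = Container{"c2", {"vol-1"}};
  return cs;
}

int main() {
  Containers cs = scenario(false);
  std::cout << ownerAfterLaunch(inUseOriginal(cs, "vol-1"), "root", "app") << "\n"
            << ownerAfterLaunch(inUsePatched(cs, "vol-1", "c1"), "root", "app") << "\n";
}
```

The second scenario (`scenario(true)`) is the case the check exists for: a volume held by another container is still reported as in use after the change.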