Uploaded image for project: 'Mesos'
  1. Mesos
  2. MESOS-9332

Nested container should run as the same user of its parent container by default.

    XMLWordPrintableJSON

    Details

    • Sprint:
      Mesosphere RI-6 Sprint 2018-31, Containerization R7 Sprint 32
    • Story Points:
      3

      Description

      Currently when launching a debug container, by default Mesos agent will use the executor's user as the debug container's user if the `user` field is not specified in the debug container's `commandInfo` (see this code for details). This is OK for the command task since the command executor's user is same with command task's user (see this code for details), so the debug container will be launched as the same user of the task. But for the task in a task group, the default executor's user is same with the framework user (see this code for details), so in this case the debug container will be launched as the same user of the framework rather than the task. So in a scenario that framework user is a normal user but the task user is root, the debug container will be launched as the normal which is not desired, the expectation is the debug container should run as the same user of the container it debugs.

        Attachments

          Activity

            People

            • Assignee:
              qianzhang Qian Zhang
              Reporter:
              qianzhang Qian Zhang
              Shepherd:
              Gilbert Song
            • Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: