A recent patch (commit ede8155d1d043137e15007c48da36ac5fa0b5124) changes how standard device nodes (e.g., /dev/null) are set up. It now bind mounts them from the host instead of using mknod.
The device nodes are created under `/var/run/mesos/containers/<container_id>/devices`, and then bind mounted to the container root filesystem. This is problematic for those Linux distros that mount `/var/run` (or `/run`) as `nodev`. For instance, CentOS 7.4:
As a result, the `/dev/null` device in the container will inherit the `nodev` option from `/run` on the host.
This will cause a "Permission Denied" error when a process in the container tries to open the device node.
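One way to check whether an agent host is affected, as an added example (not part of the original report and not Mesos code): it parses `/proc/mounts`-format text and reports whether the mount holding a given path carries `nodev`. The sample mount table is constructed, and the function names are hypothetical.

```python
import os

# Constructed sample in /proc/mounts format (not captured from a real host).
SAMPLE_MOUNTS = """\
rootfs / rootfs rw 0 0
/dev/sda1 / xfs rw,relatime,attr2,inode64,noquota 0 0
devtmpfs /dev devtmpfs rw,nosuid,size=1931924k,nr_inodes=482981,mode=755 0 0
tmpfs /run tmpfs rw,nosuid,nodev,mode=755 0 0
tmpfs /run/user/1000 tmpfs rw,nosuid,nodev,relatime,size=388240k,mode=700 0 0
"""

def _unescape(field):
    # /proc/mounts encodes space, tab, newline and backslash as octal escapes.
    for esc, ch in (("\\040", " "), ("\\011", "\t"), ("\\012", "\n"), ("\\134", "\\")):
        field = field.replace(esc, ch)
    return field

def parse_mounts(text):
    """Return a list of (mount_point, set_of_options) in file order."""
    mounts = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4:
            continue
        mounts.append((_unescape(parts[1]), set(parts[3].split(","))))
    return mounts

def covering_mount(path, mounts):
    """Mount that holds `path`: longest matching mount point, later entry wins ties."""
    best = None
    for mount_point, opts in mounts:
        prefix = mount_point.rstrip("/") + "/"
        if path == mount_point or path.startswith(prefix):
            if best is None or len(mount_point) >= len(best[0]):
                best = (mount_point, opts)
    return best

def is_nodev(path, mounts):
    hit = covering_mount(path, mounts)
    return hit is not None and "nodev" in hit[1]

if __name__ == "__main__":
    # Resolve symlinks first: /var/run is usually a symlink to /run.
    target = os.path.realpath("/var/run/mesos/containers")
    with open("/proc/mounts") as f:
        live = parse_mounts(f.read())
    print(target, "nodev" if is_nodev(target, live) else "dev allowed")
```

Bind mounts taken from a `nodev` filesystem keep that restriction, so a `nodev` result for the containers directory means device nodes created there cannot be opened inside the container.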
You can try to reproduce this issue using Mesos Mini
And then, go to the Marathon UI (http://localhost:8080), and launch an app using the following config
You'll see the task failed with "Permission Denied".
The task will run normally if you use `mesos/mesos-mini:master-2018-12-01`.