Introduced the flag for the user

2026-01-03 17:05:43 +03:00 · 2016-02-03 16:09:17 -08:00
parent ed72a67ee0
commit f67a237361
2 changed files with 17 additions and 14 deletions
--- a/client/driver/plugins/executor.go
+++ b/client/driver/plugins/executor.go
@@ -19,11 +19,12 @@ import (
 )

 type ExecutorContext struct {
-	TaskEnv  *env.TaskEnvironment
-	AllocDir *allocdir.AllocDir
-	Task     *structs.Task
-	Chroot   bool
-	Limits   bool
+	TaskEnv          *env.TaskEnvironment
+	AllocDir         *allocdir.AllocDir
+	Task             *structs.Task
+	FSIsolation      bool
+	ResourceLimits   bool
+	UnprivilegedUser bool
 }

 type ExecCommand struct {
@@ -77,8 +78,10 @@ func (e *UniversalExecutor) LaunchCmd(command *ExecCommand, ctx *ExecutorContext
 		return nil, err
 	}

-	if err := e.runAs("nobody"); err != nil {
-		return nil, err
+	if e.ctx.UnprivilegedUser {
+		if err := e.runAs("nobody"); err != nil {
+			return nil, err
+		}
 	}

 	stdoPath := filepath.Join(e.taskDir, allocdir.TaskLocal, fmt.Sprintf("%v.stdout", ctx.Task.Name))
@@ -116,10 +119,10 @@ func (e *UniversalExecutor) Wait() (*ProcessState, error) {
 			exitCode = status.ExitStatus()
 		}
 	}
-	if e.ctx.Chroot {
+	if e.ctx.FSIsolation {
 		e.removeChrootMounts()
 	}
-	if e.ctx.Limits {
+	if e.ctx.ResourceLimits {
 		e.destroyCgroup()
 	}
 	return &ProcessState{Pid: 0, ExitCode: exitCode, Time: time.Now()}, nil
@@ -131,10 +134,10 @@ func (e *UniversalExecutor) Exit() error {
 	if err != nil {
 		return fmt.Errorf("failied to find user process %v: %v", e.cmd.Process.Pid, err)
 	}
-	if e.ctx.Chroot {
+	if e.ctx.FSIsolation {
 		e.removeChrootMounts()
 	}
-	if e.ctx.Limits {
+	if e.ctx.ResourceLimits {
 		e.destroyCgroup()
 	}
 	return proc.Kill()
--- a/client/driver/plugins/executor_linux.go
+++ b/client/driver/plugins/executor_linux.go
@@ -34,13 +34,13 @@ var (
 )

 func (e *UniversalExecutor) configureIsolation() error {
-	if e.ctx.Chroot {
+	if e.ctx.FSIsolation {
 		if err := e.configureChroot(); err != nil {
 			return err
 		}
 	}

-	if e.ctx.Limits {
+	if e.ctx.ResourceLimits {
 		if err := e.configureCgroups(e.ctx.Task.Resources); err != nil {
 			return fmt.Errorf("error creating cgroups: %v", err)
 		}
@@ -49,7 +49,7 @@ func (e *UniversalExecutor) configureIsolation() error {
 }

 func (e *UniversalExecutor) applyLimits() error {
-	if !e.ctx.Limits {
+	if !e.ctx.ResourceLimits {
 		return nil
 	}
 	manager := e.getCgroupManager(e.groups)