mesos-reviews mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Ian Downes" <ian.dow...@gmail.com>
Subject Re: Review Request 31444: Support chrooting in MesosContainerizer launch helper.
Date Wed, 13 May 2015 00:22:12 GMT

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/31444/
-----------------------------------------------------------

(Updated May 12, 2015, 5:22 p.m.)


Review request for mesos, Chi Zhang, Dominic Hamon, Jay Buffington, Jie Yu, and James Peach.


Bugs: MESOS-2350
    https://issues.apache.org/jira/browse/MESOS-2350


Repository: mesos


Description
-------

Optionally take a path that the launch helper should chroot to before exec'ing the executor.
It is assumed that the work directory is mounted to the appropriate location under the chroot.
In particular, the path to the executor must be relative to the chroot.

Configuration that should be private to the chroot is done during the launch, e.g. mounting
proc and statically configuring basic devices. It is assumed that other configuration, e.g.,
preparing the image, mounting in volumes or persistent resources, is done by the caller.

Mounts can be made to the chroot (e.g., updating the volumes or persistent resources) and
they will propagate in to the container but mounts made inside the container will not propagate
out to the host.

It currently assumes that at least {{chroot}}/tmp is writeable and that mount points {{chroot}}/{tmp,dev,proc,sys}
exist in the chroot.

This is specific to Linux.


Diffs (updated)
-----

  src/Makefile.am 14bc976a7b6a656fb58085484d25c3de3cf0f693 
  src/linux/fs.cpp 1c9cf3f2ffead37148e4f6a81cefdbb97f679b09 
  src/slave/containerizer/mesos/launch.hpp 7c8b535746b5ce9add00afef86fdb6faefb5620e 
  src/slave/containerizer/mesos/launch.cpp 2f2d60e2011f60ec711d3b29fd2c157e30c83c34 
  src/tests/launch_tests.cpp PRE-CREATION 

Diff: https://reviews.apache.org/r/31444/diff/


Testing
-------

Manual testing only so far. This is harder to automate because we need a self-contained chroot
to execute something in... Suggestions welcome.


Thanks,

Ian Downes


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message