mesos-reviews mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From haosdent huang <haosd...@gmail.com>
Subject Re: Review Request 53296: Added cgroup namespace support for unified container.
Date Sun, 06 Nov 2016 05:20:04 GMT


> On Nov. 1, 2016, 4:43 a.m., Jie Yu wrote:
> > src/slave/containerizer/mesos/isolators/namespaces/cgroup.hpp, line 28
> > <https://reviews.apache.org/r/53296/diff/2/?file=1548952#file1548952line28>
> >
> >     Instead of creating a new namespace/cgroup isolator, I would suggest we add
the support to cgroups isolator. It looks weird to me to have a namespace/cgroup isolator
without using the cgroups isolator.
> 
> haosdent huang wrote:
>     I think it still possible to use `namespaces/cgroup` isolator without `cgroups` isolation?
If user only want to isolate the host cgroups environment from the container.
> 
> Jie Yu wrote:
>     What's the use case for that? I feel that it will be strange to enable cgroup namespace
if containers still share the same cgroup. There will be no isolation if two containers try
to manipulate the cgroups. That defeats the purpose of using cgroup namespace.

For example, we launch docker daemon in the host, which would use `/sys/fs/cgroup/xx/subsystem_name`
as the hierarchies.
Then we want hide this in the containers launched by Mesos. In this case, we only need `namespace/cgroup`
isolator without cgroups isolation.


- haosdent


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/53296/#review154371
-----------------------------------------------------------


On Oct. 30, 2016, 4:45 p.m., haosdent huang wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/53296/
> -----------------------------------------------------------
> 
> (Updated Oct. 30, 2016, 4:45 p.m.)
> 
> 
> Review request for mesos, Jie Yu, Qian Zhang, and Jiang Yan Xu.
> 
> 
> Bugs: MESOS-5410
>     https://issues.apache.org/jira/browse/MESOS-5410
> 
> 
> Repository: mesos
> 
> 
> Description
> -------
> 
> Added cgroup namespace support for unified container.
> 
> 
> Diffs
> -----
> 
>   src/CMakeLists.txt 639f8678ba23c4d9a2ea0bf84fbc3d6fc9286ef3 
>   src/Makefile.am c2f9e442182110d0b450d4824600a4a791f8cf27 
>   src/slave/containerizer/mesos/containerizer.cpp 67cc595278f124cdf518d2f4fcfb257439f067e2

>   src/slave/containerizer/mesos/isolators/namespaces/cgroup.hpp PRE-CREATION 
>   src/slave/containerizer/mesos/isolators/namespaces/cgroup.cpp PRE-CREATION 
> 
> Diff: https://reviews.apache.org/r/53296/diff/
> 
> 
> Testing
> -------
> 
> The test case is on the way.
> 
> 
> Thanks,
> 
> haosdent huang
> 
>


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message