mesos-reviews mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Kevin Klues <>
Subject Review Request 53586: Added special case for entering "mnt" namespaces for DEBUG containers.
Date Tue, 08 Nov 2016 21:57:40 GMT

This is an automatically generated e-mail. To reply, visit:

Review request for mesos and Jie Yu.

Bugs: MESOS-6543

Repository: mesos


Until we switch over to the default (a.k.a. "pod" executor) for
launching command tasks, we need to special case which `pid` we use
for entering the `mnt` namespace of a parent container.  Specifically,
we need to enter the `mnt` namespace of the process representing the
command task itself, not the `mnt` namespace of the `init` process of
the container or the `executor` of the container because these run in
the same `mnt` namespace as the agent (not the task).

Unfortunately, there is no easy way to get the `pid` of tasks launched
with the command executor because we only checkpoint the `pid` of the
`init` process of these containers. For now, we compensate for this by
simply walking the process tree from the container's `init` process up
to 2-levels down (where the task process would exist) and look to see
if any process along the way has a different `mnt` namespace. If it
does, we return a reference to its `pid` as the `pid` for entering the
`mnt` namespace of the container.  Otherwise, we return the `init`
process's `pid`.

We then pass this pid to the `mesos-containerizer launch` binary and
have it set the namespace, rather than letting the `ns::clone()` call
do it for us. This is important because otherwise we wouldn't be able
to find the `mesos-containerizer launch` itself (it only exists in the
host mount namespace!).


  src/slave/containerizer/mesos/containerizer.cpp e57064c768937969ba4a071ae80165ccab2f1dff

  src/slave/containerizer/mesos/launch.hpp 8b23c1b6df6bc1fdd987af5a4469664356e7f27a 
  src/slave/containerizer/mesos/launch.cpp 377a9d94aa780ab598b1c2034c10ce25a4e02cbe 
  src/tests/containerizer/nested_mesos_containerizer_tests.cpp e6c690c411f57138207044f31b4816bd4090c1b7



make -j check
sudo src/mesos-tests


Kevin Klues

  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message