mesos-reviews mailing list archives

From Joris Van Remoortere <joris.van.remoort...@gmail.com>
Subject Re: Review Request 52809: User Namespaces Initial Implementation.
Date Wed, 01 Mar 2017 18:22:35 GMT

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/52809/#review167400
-----------------------------------------------------------



Closing this review due to inactivity. Please see our [guidelines](https://github.com/apache/mesos/blob/master/docs/reopening-reviews.md)
for reopening reviews.

- Joris Van Remoortere


On Oct. 17, 2016, 11:59 p.m., Srinivas Brahmaroutu wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/52809/
> -----------------------------------------------------------
> 
> (Updated Oct. 17, 2016, 11:59 p.m.)
> 
> 
> Review request for mesos, Gilbert Song and Jie Yu.
> 
> 
> Bugs: MESOS-2952
>     https://issues.apache.org/jira/browse/MESOS-2952
> 
> 
> Repository: mesos
> 
> 
> Description
> -------
> 
> Work in progress: implementing User namespaces.
> Phase 1: Create isolator and enable isolator when Agent is
>   run with "userns=true". If this flag is not set the original
>   functionality will run the task as user who started the task.
>   With the flag set to true, the task will be run inside the user
>   namespace as a root inside the container and task is run as the
>   user who started the task when seen from outside of the container.
>   Appropriate uid and gid maps are created.
> Phase 2: Provide mount point support for containers running in
>   user namespace. This will allow to properly mount and access
>   the filesystems with proper permission.
> 
> 
> Diffs
> -----
> 
>   src/Makefile.am 3bcc0f2dfc2c4f71841bd6d161f39e0e919fc0d7 
>   src/slave/containerizer/mesos/containerizer.cpp eac70d955e08142a2d054039d610a3d516b1b57e 
>   src/slave/containerizer/mesos/isolators/user/user.hpp PRE-CREATION 
>   src/slave/containerizer/mesos/isolators/user/user.cpp PRE-CREATION 
>   src/slave/containerizer/mesos/isolators/user/usermaps.hpp PRE-CREATION 
>   src/slave/containerizer/mesos/launch.cpp 8a30ff8bd6f9263d68a4344b79f2374a2ae53c04 
>   src/slave/flags.hpp 3c292bac9394347318865f49782907def6541742 
>   src/slave/flags.cpp 87d9e4632321134192bb0a67f1b91db7d89f539b 
> 
> 
> Diff: https://reviews.apache.org/r/52809/diff/2/
> 
> 
> Testing
> -------
> 
> Work in progress implementing User namespaces.
> Phase 1: Create isolator and enable isolator when Agent is run with "userns=true".
> If this flag is not set the original functionality will run the task as user who started
> the task. With User namespace the task will be run inside the user namespace as a root
> with the user who started the task mapped to outside of the container. Appropriate uid and
> gid maps are created.
> Phase 2: Provide mount point support for containers running in user namespace.
> 
> 
> Thanks,
> 
> Srinivas Brahmaroutu
> 
>
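
The Phase 1 description in the quoted review request says the task is root inside the user namespace and the launching user when seen from outside. As an added example (not code from the Mesos patch or from anyone in this thread), this C helper parses text in the `/proc/<pid>/uid_map` layout and checks that property; the function names and the sample maps are constructed for illustration.

```c
#include <ctype.h>
#include <stdio.h>

/* Translate an ID seen inside a user namespace to the ID seen outside it.
 * map_text uses the /proc/<pid>/uid_map (or gid_map) layout: one extent per
 * line, "<inside-start> <outside-start> <length>".
 * Returns 1 and sets *outside if mapped, 0 if unmapped, -1 on a parse error.
 * (Hypothetical helper name, not a Mesos or kernel API.) */
int map_to_outside(const char *map_text, unsigned long inside,
                   unsigned long *outside)
{
    const char *p = map_text;
    for (;;) {
        unsigned long in_start, out_start, len;
        int used = 0;
        while (isspace((unsigned char)*p)) p++;
        if (*p == '\0') return 0;              /* no extent covers this ID */
        if (sscanf(p, "%lu %lu %lu%n", &in_start, &out_start, &len, &used) != 3)
            return -1;
        if (inside >= in_start && inside - in_start < len) {
            *outside = out_start + (inside - in_start);
            return 1;
        }
        p += used;
    }
}

/* 1 only if uid 0 and gid 0 inside both map to non-zero IDs outside. */
int root_is_unprivileged_outside(const char *uid_map, const char *gid_map)
{
    unsigned long uid, gid;
    if (map_to_outside(uid_map, 0, &uid) != 1) return 0;
    if (map_to_outside(gid_map, 0, &gid) != 1) return 0;
    return uid != 0 && gid != 0;
}

int main(void)
{
    /* Constructed sample: container root mapped to host uid/gid 1000. */
    const char *uid_map = "         0       1000          1\n";
    const char *gid_map = "         0       1000          1\n";
    /* Layout of the initial namespace: identity map, root stays root. */
    const char *identity = "         0          0 4294967295\n";

    printf("userns maps:   %d\n", root_is_unprivileged_outside(uid_map, gid_map));
    printf("identity maps: %d\n", root_is_unprivileged_outside(identity, identity));
    return 0;
}
```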

