mesos-reviews mailing list archives

From Chun-Hung Hsiao <chhs...@mesosphere.io>
Subject Re: Review Request 58939: Filesystem isolation check for Mesos image provisioner.
Date Wed, 03 May 2017 22:08:00 GMT


> On May 3, 2017, 7:46 p.m., Jie Yu wrote:
> > src/slave/containerizer/mesos/containerizer.cpp
> > Lines 1178-1186 (patched)
> > <https://reviews.apache.org/r/58939/diff/1/?file=1706384#file1706384line1178>
> >
> >     This might be too late. We want to check during startup time of the agent, rather than wait until the container launch time.

The mount namespace is required only when provisioning images. I think checking at startup
would introduce unnecessary failures for agents running tasks that do not use images.


- Chun-Hung


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/58939/#review173803
-----------------------------------------------------------


On May 3, 2017, 10:07 p.m., Chun-Hung Hsiao wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/58939/
> -----------------------------------------------------------
> 
> (Updated May 3, 2017, 10:07 p.m.)
> 
> 
> Review request for mesos, Anand Mazumdar, Gilbert Song, and Jie Yu.
> 
> 
> Bugs: mesos-7374
>     https://issues.apache.org/jira/browse/mesos-7374
> 
> 
> Repository: mesos
> 
> 
> Description
> -------
> 
> Checked if the 'filesystem/linux' isolator is enabled and the 'linux'
> launcher is used when launching a mesos containerizer with an image
> under Linux. This prevents the executor from messing up with the host
> filesystem. The check is in `MesosContainerizerProcess::prepare()`
> after provisioning and before launching, since provisioning itself
> does not depend on the filesystem isolator.
> 
> Also checked that the 'filesystem/linux' is enabled and the 'linux'
> launcher is used when enabling the 'docker/runtime' isolator.
> 
> 
> Diffs
> -----
> 
>   src/slave/containerizer/mesos/containerizer.cpp b58baed64480e22f640a4852537f85922ed382ae
>   src/slave/containerizer/mesos/provisioner/provisioner.cpp be45fc59027f176b43b767e9441fd8089ceec7b4
> 
> 
> Diff: https://reviews.apache.org/r/58939/diff/2/
> 
> 
> Testing
> -------
> 
> sudo make check
> Manually tested on a simplified case of mesos-7374.
> 
> 
> Thanks,
> 
> Chun-Hung Hsiao
> 
>
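
The two check points discussed in this thread, as an added standalone sketch that is not Mesos source and not part of the review request. `AgentConfig`, `parseConfig`, `validateAtStartup` and `validateAtLaunch` are hypothetical names; the isolator and launcher strings are the ones named in the description, and an empty return string is assumed to mean the check passed.

```cpp
#include <set>
#include <sstream>
#include <string>

// Hypothetical holder for the agent's isolation and launcher settings.
struct AgentConfig {
  std::set<std::string> isolators;
  std::string launcher;  // "linux" or "posix"
};

// Splits a comma-separated isolation list, e.g. "filesystem/linux,docker/runtime".
AgentConfig parseConfig(const std::string& isolation, const std::string& launcher) {
  AgentConfig config;
  config.launcher = launcher;
  std::istringstream in(isolation);
  for (std::string token; std::getline(in, token, ',');) {
    if (!token.empty()) config.isolators.insert(token);
  }
  return config;
}

// Both conditions the review request checks for.
static bool hasFilesystemIsolation(const AgentConfig& c) {
  return c.isolators.count("filesystem/linux") > 0 && c.launcher == "linux";
}

// Startup-time check: rejects only a configuration that enables
// 'docker/runtime' without the isolation it depends on.
std::string validateAtStartup(const AgentConfig& c) {
  if (c.isolators.count("docker/runtime") > 0 && !hasFilesystemIsolation(c)) {
    return "'docker/runtime' requires 'filesystem/linux' and the 'linux' launcher";
  }
  return "";
}

// Launch-time check: meant to run after provisioning and before launching,
// and only for a container that specifies an image.
std::string validateAtLaunch(const AgentConfig& c, bool hasImage) {
  if (hasImage && !hasFilesystemIsolation(c)) {
    return "an image requires 'filesystem/linux' and the 'linux' launcher";
  }
  return "";
}
```

With this split, an agent configured without `filesystem/linux` still starts and runs tasks that have no image, and only an image-based launch is refused.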

