mesos-reviews mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Chun-Hung Hsiao <chhs...@mesosphere.io>
Subject Re: Review Request 58939: Filesystem isolation check for Mesos image provisioner.
Date Fri, 05 May 2017 18:07:16 GMT

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/58939/
-----------------------------------------------------------

(Updated May 5, 2017, 6:07 p.m.)


Review request for mesos, Anand Mazumdar, Gilbert Song, and Jie Yu.


Changes
-------

Move the checks for 'docker/runtime' into `DockerRuntimeIsolatorProcess::create()`.


Bugs: mesos-7374
    https://issues.apache.org/jira/browse/mesos-7374


Repository: mesos


Description
-------

Checked if the 'filesystem/linux' isolator is enabled and the 'linux'
launcher is used when launching a mesos containerizer with an image
under Linux. This prevents the executor from messing up with the host
filesystem. The check is in `MesosContainerizerProcess::prepare()`
after provisioning and before launching, since provisioning itself
does not depend on the filesystem isolator.

Also checked that the 'filesystem/linux' is enabled and the 'linux'
launcher is used when enabling the 'docker/runtime' isolator.


Diffs (updated)
-----

  src/slave/containerizer/mesos/containerizer.cpp b58baed64480e22f640a4852537f85922ed382ae

  src/slave/containerizer/mesos/isolators/docker/runtime.cpp 08350e638a0f20746e369cdc78c96126f2e1df3f

  src/slave/containerizer/mesos/provisioner/provisioner.cpp be45fc59027f176b43b767e9441fd8089ceec7b4



Diff: https://reviews.apache.org/r/58939/diff/3/

Changes: https://reviews.apache.org/r/58939/diff/2-3/


Testing
-------

sudo make check
Manually tested on a simplified case of mesos-7374.


Thanks,

Chun-Hung Hsiao


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message