mesos-reviews mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From James Peach <jpe...@apache.org>
Subject Re: Review Request 66175: Added isolator checks for namespaces support.
Date Tue, 20 Mar 2018 20:23:12 GMT


> On March 20, 2018, 8:18 p.m., Andrew Schwartzmeyer wrote:
> > src/slave/containerizer/mesos/isolators/docker/volume/isolator.cpp
> > Lines 91-94 (patched)
> > <https://reviews.apache.org/r/66175/diff/1/?file=1983423#file1983423line91>
> >
> >     Just one question: under what scenarios does `ns::supported` return an error?
I ask because this might lead to misleading error messages.

It only errors if you ask for `CLONE_NEWUSER` and it can't check the kernel version. I think
that for this purpose it's not worth trying to propagate the error.


> On March 20, 2018, 8:18 p.m., Andrew Schwartzmeyer wrote:
> > src/slave/containerizer/mesos/isolators/filesystem/shared.cpp
> > Line 59 (original), 59 (patched)
> > <https://reviews.apache.org/r/66175/diff/1/?file=1983425#file1983425line59>
> >
> >     // TODO(andschwa): Write a cross-platform `os::is_root()` function...

At least for linux-specific code, checking for uid 0 is pretty canonical :)


- James


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/66175/#review199574
-----------------------------------------------------------


On March 20, 2018, 8:13 p.m., James Peach wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/66175/
> -----------------------------------------------------------
> 
> (Updated March 20, 2018, 8:13 p.m.)
> 
> 
> Review request for mesos, Andrew Schwartzmeyer and Jie Yu.
> 
> 
> Bugs: MESOS-6555
>     https://issues.apache.org/jira/browse/MESOS-6555
> 
> 
> Repository: mesos
> 
> 
> Description
> -------
> 
> Some isolators assumed that the Linux namespaces they needed were
> supported but did not explicitly check for them. Added explicit
> checks for the required namespaces so that the isolators can emit
> a more specifc error message.
> 
> 
> Diffs
> -----
> 
>   src/slave/containerizer/mesos/isolators/docker/volume/isolator.cpp a6f05a8cf7eab2b2cc4c2142efdf3125462ec68e

>   src/slave/containerizer/mesos/isolators/filesystem/linux.cpp 6ee249997fcdfa37f7d073d9c150d06908b3f921

>   src/slave/containerizer/mesos/isolators/filesystem/shared.cpp 118f39871fd76ca00b92e4fa80c698a2a8f02f19

>   src/slave/containerizer/mesos/isolators/network/cni/cni.cpp d8dc02a686603e8f5dca073084c09992270b7f42

> 
> 
> Diff: https://reviews.apache.org/r/66175/diff/1/
> 
> 
> Testing
> -------
> 
> make check (Fedora 27)
> 
> 
> Thanks,
> 
> James Peach
> 
>


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message