mesos-reviews mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From James Peach <jpe...@apache.org>
Subject Re: Review Request 67097: Added `linux/devices` isolator whitelist support.
Date Wed, 16 May 2018 18:15:04 GMT


> On May 11, 2018, 11:34 p.m., Jie Yu wrote:
> > src/slave/containerizer/mesos/isolators/linux/devices.cpp
> > Lines 73 (patched)
> > <https://reviews.apache.org/r/67097/diff/1/?file=2020541#file2020541line74>
> >
> >     I'd suggest we just skip this whitelist entry, instead of fail the agent launch.
> >     
> >     If the operator does not specify the device path, it indicate that he does not
want the device path to show up in the container. He just want the device cgroup to allow
the device to be whitelisted. Thoughts?
> 
> James Peach wrote:
>     I thought about that, and I'm happy to change to that behaviour. However, even in
the devices cgroup isolator, the path is actually required .. it just silently doesn't work
if you omit the path. Maybe we should require the path in both cases?

We discussed this on chat and agreed that returning an error for a missing path is the right
behavior for both the linux/devices and cgroups/devices isolators.


- James


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/67097/#review202975
-----------------------------------------------------------


On May 15, 2018, 5:53 p.m., James Peach wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/67097/
> -----------------------------------------------------------
> 
> (Updated May 15, 2018, 5:53 p.m.)
> 
> 
> Review request for mesos, Gilbert Song, Jason Lai, and Jie Yu.
> 
> 
> Bugs: MESOS-8792
>     https://issues.apache.org/jira/browse/MESOS-8792
> 
> 
> Repository: mesos
> 
> 
> Description
> -------
> 
> Added `linux/devices` isolator support for populating the container
> devices.  This introduces a general mechanism for populating devices
> into a specific container but currently only implements devices for all
> containers based on the devices specified by the `--allowed_devices`
> agent flag.
> 
> 
> Diffs
> -----
> 
>   src/slave/containerizer/mesos/isolators/linux/devices.hpp PRE-CREATION 
>   src/slave/containerizer/mesos/isolators/linux/devices.cpp PRE-CREATION 
> 
> 
> Diff: https://reviews.apache.org/r/67097/diff/4/
> 
> 
> Testing
> -------
> 
> make check (Fedora 27)
> 
> 
> Thanks,
> 
> James Peach
> 
>


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message