mesos-reviews mailing list archives

From James Peach <jpe...@apache.org>
Subject Review Request 69086: Move the container `/dev` construction to the isolators.
Date Fri, 19 Oct 2018 17:38:09 GMT

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/69086/
-----------------------------------------------------------

Review request for mesos, Gilbert Song, Jason Lai, Jie Yu, and Jiang Yan Xu.


Bugs: MESOS-9319
    https://issues.apache.org/jira/browse/MESOS-9319


Repository: mesos


Description
-------

Previously, if the container was configured with a root filesystem,
the container `/dev` was populated by the chroot API and this API
had a special case for adding GPU devices. This change extends
the approach that was introduced in the `linux/devices` isolator
to construct the whole of the Linux container `/dev` hierarchy
before launching the container. The `linux/filesystem` isolator is
now responsible for mounting the container `/dev`, and any other
isolators that enable access to devices can simply populate device
nodes in the container devices directory. After this change, the
container `/dev` is mounted read-only so that this cannot be used
to escape any disk quota.


Diffs
-----

  src/linux/fs.hpp 502f85c4a32d8658bdd701975dd5ac3d802d308e
  src/linux/fs.cpp 9055ef42edd1fb90e1026d1d603a9ba902cfc1fd
  src/slave/containerizer/mesos/isolators/filesystem/linux.cpp a47899cb528eef103f299def3bd3466905ac5b51
  src/slave/containerizer/mesos/isolators/gpu/isolator.hpp 4645c625877d9451516133b24bd3959e0f49c0a9
  src/slave/containerizer/mesos/isolators/gpu/isolator.cpp dbbf92ffbe4a46cedca5b53f6ba172bfb308100e
  src/slave/containerizer/mesos/isolators/linux/devices.cpp 8f8ff95ec3856ba06647637a80315365d0e66e23
  src/slave/containerizer/mesos/launch.cpp 7193da0a094df3e441e185c62b3a0379a0bdc4a2


Diff: https://reviews.apache.org/r/69086/diff/1/


Testing
-------

sudo make check (Fedora 28)


Thanks,

James Peach
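
A check for the read-only `/dev` property described in the message above, as an added example that is not part of the original e-mail or of the Mesos code base: it parses `/proc/<pid>/mountinfo` text and reports whether the mount at a given path is read-only. The sample lines and the names `mountState`, `hasOption` and `kSampleMountinfo` are constructed for illustration.

```cpp
#include <iostream>
#include <sstream>
#include <string>

// Constructed sample in /proc/<pid>/mountinfo format (not captured from Mesos).
const std::string kSampleMountinfo =
    "310 295 0:52 / / rw,relatime - overlay overlay rw\n"
    "312 310 0:54 / /dev ro,nosuid,noexec master:7 - tmpfs tmpfs rw,mode=755\n"
    "313 312 0:55 / /dev/pts rw,nosuid,noexec - devpts devpts rw,ptmxmode=666\n";

enum class MountState { NotMounted, Writable, ReadOnly };

// True if the comma-separated option list contains `opt` as a whole option.
bool hasOption(const std::string& options, const std::string& opt) {
  std::istringstream in(options);
  std::string item;
  while (std::getline(in, item, ',')) {
    if (item == opt) return true;
  }
  return false;
}

// Reports the state of the mount at `target`. A mount counts as read-only when
// either its per-mount options (field 6) or its superblock options (last
// field) contain "ro". Assumption: a later entry for the same mount point
// shadows earlier ones, so the last match decides.
MountState mountState(const std::string& mountinfo, const std::string& target) {
  MountState state = MountState::NotMounted;
  std::istringstream lines(mountinfo);
  std::string line;
  while (std::getline(lines, line)) {
    std::istringstream f(line);
    std::string id, parent, dev, root, mountPoint, mountOpts, tok, fsType, source, superOpts;
    if (!(f >> id >> parent >> dev >> root >> mountPoint >> mountOpts)) continue;
    if (mountPoint != target) continue;
    while (f >> tok && tok != "-") {}  // skip optional fields up to the separator
    f >> fsType >> source >> superOpts;
    bool ro = hasOption(mountOpts, "ro") || hasOption(superOpts, "ro");
    state = ro ? MountState::ReadOnly : MountState::Writable;
  }
  return state;
}

int main() {
  MountState s = mountState(kSampleMountinfo, "/dev");
  std::cout << "/dev is " << (s == MountState::ReadOnly ? "read-only" : "not read-only") << "\n";
  return s == MountState::ReadOnly ? 0 : 1;
}
```

To check a live container, pass the contents of `/proc/<pid>/mountinfo` for a process inside it instead of the sample string.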

