mesos-reviews mailing list archives

From James Peach
Subject Review Request 69086: Move the container `/dev` construction to the isolators.
Date Fri, 19 Oct 2018 17:38:09 GMT

This is an automatically generated e-mail. To reply, visit:

Review request for mesos, Gilbert Song, Jason Lai, Jie Yu, and Jiang Yan Xu.

Bugs: MESOS-9319

Repository: mesos


Previously, if the container was configured with a root filesystem,
the container `/dev` was populated by the chroot API and this API
had a special case for adding GPU devices. This change extends
the approach that was introduced in the `linux/devices` isolator
to construct the whole of the Linux container `/dev` hierarchy
before launching the container. The `linux/filesystem` isolator is
now responsible for mounting the container `/dev`, and any other
isolators that enable access to devices can simply populate device
nodes in the container devices directory. After this change, the
container `/dev` is mounted read-only so that this cannot be used
to escape any disk quota.


  src/linux/fs.hpp 502f85c4a32d8658bdd701975dd5ac3d802d308e
  src/linux/fs.cpp 9055ef42edd1fb90e1026d1d603a9ba902cfc1fd
  src/slave/containerizer/mesos/isolators/filesystem/linux.cpp a47899cb528eef103f299def3bd3466905ac5b51
  src/slave/containerizer/mesos/isolators/gpu/isolator.hpp 4645c625877d9451516133b24bd3959e0f49c0a9
  src/slave/containerizer/mesos/isolators/gpu/isolator.cpp dbbf92ffbe4a46cedca5b53f6ba172bfb308100e
  src/slave/containerizer/mesos/isolators/linux/devices.cpp 8f8ff95ec3856ba06647637a80315365d0e66e23
  src/slave/containerizer/mesos/launch.cpp 7193da0a094df3e441e185c62b3a0379a0bdc4a2



sudo make check (Fedora 28)


James Peach
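
One way to check the read-only `/dev` property described in the review request above, as an added example that is not part of the request or of the Mesos code base: it parses text in `/proc/<pid>/mountinfo` format and reports whether the mount at a given path carries the `ro` option. The function names and the sample mount lines are constructed for illustration.

```cpp
#include <iostream>
#include <sstream>
#include <string>
#include <vector>

// Constructed sample lines in /proc/<pid>/mountinfo format (not real output).
const std::string kReadOnlyDev =
    "110 90 0:44 / / rw,relatime - ext4 /dev/sda1 rw\n"
    "120 110 0:45 / /dev ro,nosuid,noexec - tmpfs tmpfs rw,mode=755\n";
const std::string kWritableDev =
    "110 90 0:44 / / rw,relatime - ext4 /dev/sda1 rw\n"
    "120 110 0:45 / /dev rw,nosuid shared:7 - tmpfs tmpfs rw,mode=755\n";

// True if the comma-separated option list contains `opt` as a whole token.
static bool hasOption(const std::string& options, const std::string& opt) {
  std::istringstream in(options);
  std::string token;
  while (std::getline(in, token, ',')) {
    if (token == opt) return true;
  }
  return false;
}

// Returns 1 if the mount at `target` is read-only, 0 if it is writable and
// -1 if `target` is not a mount point. The last matching entry wins because
// a later mount shadows an earlier one on the same path.
int mountState(const std::string& mountinfo, const std::string& target) {
  int state = -1;
  std::istringstream lines(mountinfo);
  std::string line;
  while (std::getline(lines, line)) {
    std::istringstream in(line);
    std::vector<std::string> f;
    for (std::string field; in >> field;) f.push_back(field);
    // id parent maj:min root mountpoint options [optional...] - fstype source superopts
    if (f.size() < 10 || f[4] != target) continue;
    std::size_t sep = 6;
    while (sep < f.size() && f[sep] != "-") ++sep;
    if (sep + 3 >= f.size()) continue;  // malformed line, skip it
    state = (hasOption(f[5], "ro") || hasOption(f[sep + 3], "ro")) ? 1 : 0;
  }
  return state;
}

int main() {
  std::cout << "read-only sample: " << mountState(kReadOnlyDev, "/dev") << "\n"
            << "writable sample:  " << mountState(kWritableDev, "/dev") << "\n";
  return 0;
}
```

To check a live container, pass the contents of `/proc/<pid>/mountinfo` for a process inside it instead of the constructed samples.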
