mesos-reviews mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Chun-Hung Hsiao <>
Subject Re: Review Request 58939: Filesystem isolation check for Mesos image provisioner.
Date Fri, 05 May 2017 18:07:16 GMT

This is an automatically generated e-mail. To reply, visit:

(Updated May 5, 2017, 6:07 p.m.)

Review request for mesos, Anand Mazumdar, Gilbert Song, and Jie Yu.


Move the checks for 'docker/runtime' into `DockerRuntimeIsolatorProcess::create()`.

Bugs: mesos-7374

Repository: mesos


Checked if the 'filesystem/linux' isolator is enabled and the 'linux'
launcher is used when launching a mesos containerizer with an image
under Linux. This prevents the executor from messing up with the host
filesystem. The check is in `MesosContainerizerProcess::prepare()`
after provisioning and before launching, since provisioning itself
does not depend on the filesystem isolator.

Also checked that the 'filesystem/linux' is enabled and the 'linux'
launcher is used when enabling the 'docker/runtime' isolator.

Diffs (updated)

  src/slave/containerizer/mesos/containerizer.cpp b58baed64480e22f640a4852537f85922ed382ae

  src/slave/containerizer/mesos/isolators/docker/runtime.cpp 08350e638a0f20746e369cdc78c96126f2e1df3f

  src/slave/containerizer/mesos/provisioner/provisioner.cpp be45fc59027f176b43b767e9441fd8089ceec7b4




sudo make check
Manually tested on a simplified case of mesos-7374.


Chun-Hung Hsiao

  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message