mesos-reviews mailing list archives

From Andrei Budnik <abud...@mesosphere.com>
Subject Re: Review Request 68257: Fixed incorrect `mnt` namespace detection of command executor's task.
Date Tue, 14 Aug 2018 17:22:49 GMT

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/68257/
-----------------------------------------------------------

(Updated Aug. 14, 2018, 5:22 p.m.)


Review request for mesos, Alexander Rukletsov, Gilbert Song, Jie Yu, and Kevin Klues.


Changes
-------

Added more validation checks in `getMountNamespaceTarget()`.


Bugs: MESOS-9116
    https://issues.apache.org/jira/browse/MESOS-9116


Repository: mesos


Description
-------

Previously, we were walking the process tree from the container's
`init` process to find the first process along the way whose `mnt`
namespace differs from the `init` process. We expected this algorithm
to always return the PID of the command executor's task. However, if
someone launches multiple nested containers within the process tree,
the algorithm might detect the PID of the nested container instead of
the command executor's task. The detected PID might belong to a
short-lived container, so the container's process might terminate at
the moment the containerizer launcher (aka `nanny`) process tries to
enter its `mnt` namespace. This patch fixes the detection algorithm
so that it always returns the PID of the command executor's task.


Diffs (updated)
-----

  src/slave/containerizer/mesos/utils.cpp 30e76d1d91651975033078f5450e45f5f2fd8ba0 


Diff: https://reviews.apache.org/r/68257/diff/2/

Changes: https://reviews.apache.org/r/68257/diff/1-2/


Testing
-------

1) Internal CI with disabled `ROOT_CGROUPS_LaunchNestedContainerSessionsInParallel` test (see
previous patch).
2) Fedora 25: `./src/mesos-tests --gtest_filter=*AgentAPITest.LaunchNestedContainerSessionInParallel*
--gtest_break_on_failure --gtest_repeat=100 --verbose`


Thanks,

Andrei Budnik
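
The failure mode in the description above, as an added example that is not part of the original message or the Mesos patch: a walk that returns the first descendant whose `mnt` namespace differs from `init`'s picks a nested container when one is present. The process table, the breadth-first order and the function names are assumptions; `foreign_namespaces` is an ambiguity check added for illustration, not the fix made in this review.

```python
from collections import deque

# Constructed process table: pid -> (parent pid, mnt namespace inode).
# The layout is an assumption made for illustration, not taken from Mesos.
PROCS = {
    100: (1,   4026531840),  # container `init`
    110: (100, 4026532501),  # nested container, short-lived
    120: (100, 4026531840),  # helper still in init's namespace
    121: (120, 4026532400),  # command executor's task
}

def children(procs, pid):
    """Direct children of `pid`, in ascending PID order."""
    return sorted(p for p, (ppid, _) in procs.items() if ppid == pid)

def first_differing_mnt_ns(procs, init_pid):
    """Old approach: first descendant whose mnt namespace differs from init's.
    Breadth-first order is an assumption; the message does not state it."""
    init_ns = procs[init_pid][1]
    queue = deque(children(procs, init_pid))
    while queue:
        pid = queue.popleft()
        if procs[pid][1] != init_ns:
            return pid
        queue.extend(children(procs, pid))
    return None

def foreign_namespaces(procs, init_pid):
    """Map each non-init mnt namespace under init to the PIDs inside it.
    More than one key means 'first differing' is ambiguous."""
    init_ns = procs[init_pid][1]
    found = {}
    queue = deque(children(procs, init_pid))
    while queue:
        pid = queue.popleft()
        ns = procs[pid][1]
        if ns != init_ns:
            found.setdefault(ns, []).append(pid)
        queue.extend(children(procs, pid))
    return found

if __name__ == "__main__":
    print("detected:", first_differing_mnt_ns(PROCS, 100))
    print("candidates:", foreign_namespaces(PROCS, 100))
```

With the nested container present the walk stops at PID 110 and never reaches the task at PID 121; if 110 exits before the launcher enters its namespace, the attempt fails.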

