mesos-reviews mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Qian Zhang <zhq527...@gmail.com>
Subject Re: Review Request 70514: Made nested contaienr can access its sandbox via `MESOS_SANDBOX`.
Date Fri, 26 Apr 2019 07:10:59 GMT

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/70514/
-----------------------------------------------------------

(Updated April 26, 2019, 3:10 p.m.)


Review request for mesos, Andrei Budnik, Gilbert Song, and James Peach.


Changes
-------

Addressed review comments.


Bugs: MESOS-9536
    https://issues.apache.org/jira/browse/MESOS-9536


Repository: mesos


Description (updated)
-------

Previously in MESOS-8332 we narrowed task sandbox permissions from 0755
to 0750 which will cause nested container may not has permission to
access its sandbox via the environment variable `MESOS_SANDBOX`. Now in
this patch, for nested container which does not have its own rootfs, we
bind mount its sandbox to the directory specified via the agent flag
`--sandbox_directory` and set `MESOS_SANDBOX` to `--sandbox_directory`
as well, in this way such nested container will have the permission
to access its sandbox via `MESOS_SANDBOX`.


Diffs (updated)
-----

  src/slave/containerizer/mesos/containerizer.cpp 043244841a73fa3f5f7119bc38f6d3a04be8990b

  src/slave/containerizer/mesos/isolators/filesystem/linux.cpp 725754f26855ea54ccf8cbcb288ee3b29e8ed4e7



Diff: https://reviews.apache.org/r/70514/diff/2/

Changes: https://reviews.apache.org/r/70514/diff/1-2/


Testing
-------


Thanks,

Qian Zhang


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message