mesos-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ji...@apache.org
Subject [2/3] mesos git commit: Forced the network isolator to use the mount namespace.
Date Mon, 03 Aug 2015 17:20:06 GMT
Forced the network isolator to use the mount namespace.

Review: https://reviews.apache.org/r/36930


Project: http://git-wip-us.apache.org/repos/asf/mesos/repo
Commit: http://git-wip-us.apache.org/repos/asf/mesos/commit/351a40e8
Tree: http://git-wip-us.apache.org/repos/asf/mesos/tree/351a40e8
Diff: http://git-wip-us.apache.org/repos/asf/mesos/diff/351a40e8

Branch: refs/heads/master
Commit: 351a40e8c7945f55743f31412a1a70ac9e4464e0
Parents: 3620efc
Author: Jie Yu <yujie.jay@gmail.com>
Authored: Wed Jul 29 17:14:04 2015 -0700
Committer: Jie Yu <yujie.jay@gmail.com>
Committed: Mon Aug 3 10:15:24 2015 -0700

----------------------------------------------------------------------
 src/slave/containerizer/isolators/network/port_mapping.cpp | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/mesos/blob/351a40e8/src/slave/containerizer/isolators/network/port_mapping.cpp
----------------------------------------------------------------------
diff --git a/src/slave/containerizer/isolators/network/port_mapping.cpp b/src/slave/containerizer/isolators/network/port_mapping.cpp
index 3f6e9df..8244c34 100644
--- a/src/slave/containerizer/isolators/network/port_mapping.cpp
+++ b/src/slave/containerizer/isolators/network/port_mapping.cpp
@@ -1628,7 +1628,12 @@ Try<Isolator*> PortMappingIsolatorProcess::create(const Flags&
flags)
 
 process::Future<Option<int>> PortMappingIsolatorProcess::namespaces()
 {
-  return CLONE_NEWNET;
+  // NOTE: the port mapping isolator itself doesn't require mount
+  // namespace. However, if mount namespace is enabled because of
+  // other isolators, we need to set mount sharing accordingly for
+  // PORT_MAPPING_BIND_MOUNT_ROOT to avoid races described in
+  // MESOS-1558. So we turn on mount namespace here for consistency.
+  return CLONE_NEWNET | CLONE_NEWNS;
 }
 
 


Mime
View raw message