mesos-commits mailing list archives

From gilb...@apache.org
Subject [mesos] 07/10: Updated `volume/secret` isolator to honor volume mode.
Date Wed, 15 Aug 2018 00:58:55 GMT
This is an automated email from the ASF dual-hosted git repository.

gilbert pushed a commit to branch 1.7.x
in repository https://gitbox.apache.org/repos/asf/mesos.git

commit eb728f0f57f66da98b79eee62c60622a96419130
Author: Qian Zhang <zhq527725@gmail.com>
AuthorDate: Tue Aug 14 16:19:34 2018 -0700

    Updated `volume/secret` isolator to honor volume mode.
    
    Review: https://reviews.apache.org/r/68219/
---
 src/slave/containerizer/mesos/isolators/volume/secret.cpp | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/src/slave/containerizer/mesos/isolators/volume/secret.cpp b/src/slave/containerizer/mesos/isolators/volume/secret.cpp
index 663aafc..7a9bb82 100644
--- a/src/slave/containerizer/mesos/isolators/volume/secret.cpp
+++ b/src/slave/containerizer/mesos/isolators/volume/secret.cpp
@@ -276,6 +276,19 @@ Future<Option<ContainerLaunchInfo>> VolumeSecretIsolatorProcess::prepare(
     command->add_arguments(sandboxSecretPath);
     command->add_arguments(targetContainerPath);
 
+    // If the mount needs to be read-only, do a remount.
+    if (volume.mode() == Volume::RO) {
+      command = launchInfo.add_pre_exec_commands();
+      command->set_shell(false);
+      command->set_value("mount");
+      command->add_arguments("mount");
+      command->add_arguments("-n");
+      command->add_arguments("-o");
+      command->add_arguments("bind,ro,remount");
+      command->add_arguments(sandboxSecretPath);
+      command->add_arguments(targetContainerPath);
+    }
+
     Future<Nothing> future = secretResolver->resolve(secret)
       .then([hostSecretPath](const Secret::Value& value) -> Future<Nothing>
{
         Try<Nothing> writeSecret = os::write(hostSecretPath, value.data());
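
Review bot: The new `if (volume.mode() == Volume::RO)` block reassigns `command` to a second pre-exec entry, and its comment says only "do a remount" without explaining why the read-only flag is not applied by the mount command built just above. Suggest expanding the comment to give that reason and using a distinct name such as `remountCommand`, so the two mount invocations that share `sandboxSecretPath` and `targetContainerPath` are not confused. The diffstat shows only secret.cpp changing, so a test that launches a container with an RO secret volume and checks that a write under the target path fails would be worth adding with this change.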

