mesos-dev mailing list archives

From "Timothy St. Clair (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (MESOS-1094) Introduce pid namespace abstraction to subprocess
Date Tue, 18 Mar 2014 20:14:43 GMT

    [ https://issues.apache.org/jira/browse/MESOS-1094?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13939714#comment-13939714 ]

Timothy St. Clair commented on MESOS-1094:
------------------------------------------

Example Below: 

-------------------------------------------------
Simplified cmake goo: 

check_function_exists("unshare" HAVE_UNSHARE)
check_symbol_exists(MS_PRIVATE "sys/mount.h" HAVE_MS_PRIVATE)
check_symbol_exists(MS_SHARED  "sys/mount.h" HAVE_MS_SHARED)
check_symbol_exists(MS_SLAVE  "sys/mount.h" HAVE_MS_SLAVE)
check_symbol_exists(MS_REC  "sys/mount.h" HAVE_MS_REC)
...
drop config.h

-------------------------------------------------
pseudo_condor_code.cpp
-------------------------------------------------
#ifdef HAVE_UNSHARE
        // Needs <sched.h>, <sys/mount.h> and <errno.h>.
        int rc = 0;
        // Unshare to create a new mount namespace.
        if ( ( rc = ::unshare(CLONE_NEWNS|CLONE_FS) ) ) {
            dprintf(D_ALWAYS, "Failed to unshare the mount namespace, errno %d\n", errno);
        }
#if defined(HAVE_MS_SLAVE) && defined(HAVE_MS_REC)
        else {
            ////////////////////////////////////////////////////////
            // Recursively mark every mount as a slave so that mounts
            // made in the per-process namespace stay hidden from the parent.
            // @see http://timothysc.github.com/blog/2013/02/22/perprocess/
            ////////////////////////////////////////////////////////
            if ( ( rc = ::mount("", "/", "dontcare", MS_REC|MS_SLAVE, "") ) ) {
                dprintf(D_ALWAYS, "Failed to mark the mounts as slave, errno %d\n", errno);
            }
        }
#endif // HAVE_MS_SLAVE && HAVE_MS_REC
#endif // HAVE_UNSHARE


> Introduce pid namespace abstraction to subprocess
> -------------------------------------------------
>
>                 Key: MESOS-1094
>                 URL: https://issues.apache.org/jira/browse/MESOS-1094
>             Project: Mesos
>          Issue Type: Improvement
>            Reporter: Niklas Quarfot Nielsen
>            Assignee: Niklas Quarfot Nielsen
>
> Introducing PID namespacing could simplify signal escalation and process control in, for example, the command executor and pluggable containerizer.
> Along the lines of the Fork Exec abstraction in stout, I suggest that we add an abstraction for Linux namespaces.
> LinuxNamespace(PID /* | IPC | mount | ...*/, Fork(Exec("sleep 10")))
> It would be guarded or add convenience methods to ensure system support, for example bool LinuxNamespace::supports(PID /* | IPC | ... */) or simply let the namespace fall back to regular fork/exec.
> I have a proof-of-concept version of the command executor which uses PID namespaces (in combination with delay/escalation), and it feels like details around stack allocation and management could be captured in a new abstraction and make it a neat and nice subsystem to use.



--
This message was sent by Atlassian JIRA
(v6.2#6252)
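
Added example, not part of the original message and not Mesos or HTCondor code: a check that the MS_REC|MS_SLAVE remount shown in the comment took effect, done by classifying the optional fields of /proc/<pid>/mountinfo lines. Any mount still tagged "shared:" would propagate mounts made inside the namespace back to its peers. The function names and the sample lines are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

enum propagation { PROP_INVALID, PROP_PRIVATE, PROP_SHARED, PROP_SLAVE, PROP_SHARED_SLAVE };

/* Constructed samples: mounts as inherited from the host, then after MS_REC|MS_SLAVE. */
static const char SAMPLE_BEFORE[] =
    "22 1 8:1 / / rw,relatime shared:1 - ext4 /dev/sda1 rw\n"
    "23 22 0:5 / /proc rw,nosuid shared:2 - proc proc rw\n";
static const char SAMPLE_AFTER[] =
    "122 121 8:1 / / rw,relatime master:1 - ext4 /dev/sda1 rw\n"
    "123 122 0:5 / /proc rw,nosuid master:2 - proc proc rw\n";

/* Classify one mountinfo line by its optional fields (field 7 up to the "-" separator). */
enum propagation mount_propagation(const char *line, size_t len)
{
    char buf[1024];
    int shared = 0, slave = 0, field = 0, sep = 0;
    if (len >= sizeof buf) return PROP_INVALID;
    memcpy(buf, line, len);
    buf[len] = '\0';
    for (char *tok = strtok(buf, " \n"); tok && !sep; tok = strtok(NULL, " \n")) {
        if (++field <= 6) continue;        /* IDs, dev, root, mount point, options */
        if (strcmp(tok, "-") == 0) sep = 1;
        else if (strncmp(tok, "shared:", 7) == 0) shared = 1;
        else if (strncmp(tok, "master:", 7) == 0) slave = 1;
    }
    if (!sep) return PROP_INVALID;         /* truncated or malformed line */
    if (shared) return slave ? PROP_SHARED_SLAVE : PROP_SHARED;
    return slave ? PROP_SLAVE : PROP_PRIVATE;
}

/* Count mounts whose events would still propagate to peers outside the namespace. */
int count_shared(const char *text)
{
    int n = 0;
    while (*text) {
        size_t len = strcspn(text, "\n");
        enum propagation p = mount_propagation(text, len);
        n += (p == PROP_SHARED || p == PROP_SHARED_SLAVE);
        text += len + (text[len] == '\n');
    }
    return n;
}

int main(void)
{
    printf("before: %d shared, after: %d shared\n", count_shared(SAMPLE_BEFORE), count_shared(SAMPLE_AFTER));
}
```

On a live system, pass count_shared() the contents of /proc/self/mountinfo read after the mount() call and treat a non-zero result as a failed isolation step.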
