mesos-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Ian Downes" <ian.dow...@gmail.com>
Subject Re: Review Request 25865: Pid namespace isolator for the MesosContainerizer.
Date Tue, 14 Oct 2014 20:33:22 GMT

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/25865/
-----------------------------------------------------------

(Updated Oct. 14, 2014, 1:33 p.m.)


Review request for mesos, Jie Yu and Vinod Kone.


Changes
-------

Added comments. Moved some code into cpp. Removed some unnecessary isolator dependencies.


Repository: mesos-git


Description
-------

Add namespaces/pid to --isolation slave flag. Places executor into a pid namespace so it and
all descendants will be contained in the namespace. Requires the filesystem/shared isolator
so /proc and /sys are remounted to reflect the different namespace.


Diffs (updated)
-----

  src/Makefile.am d503c8df73cda15a9d59254e8265e4a5d0e003a4 
  src/slave/containerizer/isolators/namespaces/pid.hpp PRE-CREATION 
  src/slave/containerizer/isolators/namespaces/pid.cpp PRE-CREATION 
  src/slave/containerizer/linux_launcher.cpp f7bc894830a7ca3f55465dacc7b653cdc2d7758b 
  src/slave/containerizer/mesos/containerizer.cpp 9d083294caa5c5a47ba3ceaa1b57346144cb795c

  src/tests/isolator_tests.cpp c38f87632cb6984543cb3767dbd656cde7459610 

Diff: https://reviews.apache.org/r/25865/diff/


Testing
-------

Added test that command in pid namespaced container is in a different namespace and that the
command is 'init' (verifies remount of /proc).


Thanks,

Ian Downes


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message