mesos-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Ian Downes" <ian.dow...@gmail.com>
Subject Re: Review Request 25865: Pid namespace isolator for the MesosContainerizer.
Date Thu, 23 Oct 2014 17:48:18 GMT

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/25865/
-----------------------------------------------------------

(Updated Oct. 23, 2014, 10:48 a.m.)


Review request for mesos, Jie Yu and Vinod Kone.


Repository: mesos-git


Description
-------

Add namespaces/pid to --isolation slave flag. Places executor into a pid namespace so it and
all descendants will be contained in the namespace. Requires the filesystem/shared isolator
so /proc and /sys are remounted to reflect the different namespace.


Diffs (updated)
-----

  src/Makefile.am 2617f77b757cb7414889520c88b1bc203dedef09 
  src/slave/containerizer/isolators/namespaces/pid.hpp PRE-CREATION 
  src/slave/containerizer/isolators/namespaces/pid.cpp PRE-CREATION 
  src/slave/containerizer/linux_launcher.cpp f7bc894830a7ca3f55465dacc7b653cdc2d7758b 
  src/slave/containerizer/mesos/containerizer.cpp 9f745d897119a814bd9f8e1b6a0ce5eaef60ed36

  src/tests/isolator_tests.cpp 52b38a38eaafde3c42d464caa7bb028ba970a291 

Diff: https://reviews.apache.org/r/25865/diff/


Testing
-------

Added test that command in pid namespaced container is in a different namespace and that the
command is 'init' (verifies remount of /proc).


Thanks,

Ian Downes


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message