mesos-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Ben Mahler" <benjamin.mah...@gmail.com>
Subject Re: Review Request 25865: Pid namespace isolator for the MesosContainerizer.
Date Sat, 25 Oct 2014 00:52:25 GMT

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/25865/#review58450
-----------------------------------------------------------

Ship it!



src/slave/containerizer/isolators/namespaces/pid.hpp
<https://reviews.apache.org/r/25865/#comment99467>

    s/.././



src/slave/containerizer/isolators/namespaces/pid.cpp
<https://reviews.apache.org/r/25865/#comment99469>

    Can you wrap at 70 everywhere for comments?



src/slave/containerizer/isolators/namespaces/pid.cpp
<https://reviews.apache.org/r/25865/#comment99471>

    Maybe a bit of an explanation of the masking technique used?



src/slave/containerizer/isolators/namespaces/pid.cpp
<https://reviews.apache.org/r/25865/#comment99479>

    I'm curious if we can name bindSource and bindTarget to reflect what these are returning
without referring to the way the caller uses them:
    
    source -> namespaceProcfile?
    target -> namespaceHandle?



src/slave/containerizer/isolators/namespaces/pid.cpp
<https://reviews.apache.org/r/25865/#comment99478>

    Maybe add a string about stat failing inside the error message?


- Ben Mahler


On Oct. 24, 2014, 10:04 p.m., Ian Downes wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/25865/
> -----------------------------------------------------------
> 
> (Updated Oct. 24, 2014, 10:04 p.m.)
> 
> 
> Review request for mesos, Ben Mahler and Jie Yu.
> 
> 
> Repository: mesos-git
> 
> 
> Description
> -------
> 
> Add namespaces/pid to --isolation slave flag. Places executor into a pid namespace so
it and all descendants will be contained in the namespace. Requires the filesystem/shared
isolator so /proc and /sys are remounted to reflect the different namespace.
> 
> 
> Diffs
> -----
> 
>   src/Makefile.am 2617f77b757cb7414889520c88b1bc203dedef09 
>   src/slave/containerizer/isolators/namespaces/pid.hpp PRE-CREATION 
>   src/slave/containerizer/isolators/namespaces/pid.cpp PRE-CREATION 
>   src/slave/containerizer/linux_launcher.cpp f7bc894830a7ca3f55465dacc7b653cdc2d7758b

>   src/slave/containerizer/mesos/containerizer.cpp 9f745d897119a814bd9f8e1b6a0ce5eaef60ed36

>   src/tests/isolator_tests.cpp 52b38a38eaafde3c42d464caa7bb028ba970a291 
> 
> Diff: https://reviews.apache.org/r/25865/diff/
> 
> 
> Testing
> -------
> 
> Added test that command in pid namespaced container is in a different namespace and that
the command is 'init' (verifies remount of /proc).
> 
> 
> Thanks,
> 
> Ian Downes
> 
>


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message