mesos-dev mailing list archives

From "Jie Yu" <yujie....@gmail.com>
Subject Re: Review Request 31444: Support chrooting in MesosContainerizer launch helper.
Date Sat, 21 Mar 2015 00:37:27 GMT


> On March 21, 2015, 12:21 a.m., Chi Zhang wrote:
> > src/slave/containerizer/mesos/launch.cpp, line 296
> > <https://reviews.apache.org/r/31444/diff/2/?file=898403#file898403line296>
> >
> >     From my testing, you only need to make-slave on the newRoot for the pivot_root to work.
> >     
> >     Is the make-rslave on the / a good-to-have or required? Could it possibly not matter to do it because once you do the chroot in a few steps, mount points under the old / can't be seen anyway?
> >     
> >     This patch has a lot of tricky maneuvers; I think documenting the 'minimally required' steps to achieve the goal is very important. It can be hard to make a change in the future.

I think make-rslave on / is to make sure any existing mounts are not shared mounts, because
we will umount them after pivot_root. We don't want those umounts to be populated to the host
mount table.


- Jie


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/31444/#review77307
-----------------------------------------------------------


On March 17, 2015, 10:44 p.m., Ian Downes wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/31444/
> -----------------------------------------------------------
> 
> (Updated March 17, 2015, 10:44 p.m.)
> 
> 
> Review request for mesos, Chi Zhang, Dominic Hamon, Jay Buffington, Jie Yu, and James Peach.
> 
> 
> Bugs: MESOS-2350
>     https://issues.apache.org/jira/browse/MESOS-2350
> 
> 
> Repository: mesos
> 
> 
> Description
> -------
> 
> Optionally take a path that the launch helper should chroot to before exec'ing the executor. It is assumed that the work directory is mounted to the appropriate location under the chroot. In particular, the path to the executor must be relative to the chroot.
> 
> Configuration that should be private to the chroot is done during the launch, e.g., mounting proc and statically configuring basic devices. It is assumed that other configuration, e.g., preparing the image, mounting in volumes or persistent resources, is done by the caller.
> 
> Mounts can be made to the chroot (e.g., updating the volumes or persistent resources) and they will propagate into the container, but mounts made inside the container will not propagate out to the host.
> 
> It currently assumes that at least {{chroot}}/tmp is writeable and that mount points {{chroot}}/{tmp,dev,proc,sys} exist in the chroot.
> 
> This is specific to Linux.
> 
> 
> Diffs
> -----
> 
>   src/slave/containerizer/mesos/launch.hpp 7c8b535746b5ce9add00afef86fdb6faefb5620e 
>   src/slave/containerizer/mesos/launch.cpp 2f2d60e2011f60ec711d3b29fd2c157e30c83c34 
> 
> Diff: https://reviews.apache.org/r/31444/diff/
> 
> 
> Testing
> -------
> 
> Manual testing only so far. This is harder to automate because we need a self-contained chroot to execute something in... Suggestions welcome.
> 
> 
> Thanks,
> 
> Ian Downes
> 
>
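
The propagation state discussed in this thread (shared mounts whose umounts reach the host, versus slave mounts after make-rslave) is visible in the optional fields of `/proc/<pid>/mountinfo`. The check below is an added example, not part of the thread or of the Mesos patch; the function name `sharedMounts` and both sample dumps are constructed for illustration.

```cpp
#include <fstream>
#include <iostream>
#include <sstream>
#include <string>
#include <vector>

// Returns the mount points in a mountinfo dump that are still shared
// mounts, i.e. whose umount would propagate to peer mounts in other
// mount namespaces. Optional fields ("shared:N", "master:N", ...) sit
// between field 6 (mount options) and the "-" separator.
std::vector<std::string> sharedMounts(const std::string& mountinfo) {
  std::vector<std::string> result;
  std::istringstream lines(mountinfo);
  std::string line;
  while (std::getline(lines, line)) {
    std::istringstream fields(line);
    std::string field, mountPoint;
    bool shared = false, sawSeparator = false;
    for (int i = 1; fields >> field; ++i) {
      if (i == 5) mountPoint = field;  // field 5 is the mount point
      if (i >= 7 && field == "-") { sawSeparator = true; break; }
      if (i >= 7 && field.compare(0, 7, "shared:") == 0) shared = true;
    }
    // Skip malformed lines (no separator) rather than guessing.
    if (sawSeparator && shared) result.push_back(mountPoint);
  }
  return result;
}

// Constructed sample: a namespace where / and /proc are shared mounts.
const std::string kBefore =
    "22 1 8:1 / / rw,relatime shared:1 - ext4 /dev/sda1 rw\n"
    "23 22 0:4 / /proc rw,nosuid shared:12 - proc proc rw\n";

// Constructed sample: the same mounts after a recursive make-slave on /,
// plus a private tmpfs that has no optional fields at all.
const std::string kAfter =
    "22 1 8:1 / / rw,relatime master:1 - ext4 /dev/sda1 rw\n"
    "23 22 0:4 / /proc rw,nosuid master:12 - proc proc rw\n"
    "40 22 0:30 / /tmp rw - tmpfs tmpfs rw\n";

int main() {
  // Report shared mounts in the calling process's own mount namespace.
  std::ifstream in("/proc/self/mountinfo");
  std::stringstream buf;
  buf << in.rdbuf();
  for (const std::string& m : sharedMounts(buf.str()))
    std::cout << "still shared: " << m << "\n";
  return 0;
}
```

An empty result inside the container's mount namespace, taken just before the old root is unmounted, means no umount there can reach the host mount table.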

