mesos-dev mailing list archives

From Qian Zhang <zhq527...@gmail.com>
Subject [Port mapping] Discuss where to validate the host port container wants to expose to is from the offered resources
Date Sat, 08 Oct 2016 03:14:36 GMT
Hi All,

I am currently working on MESOS-6106
<https://issues.apache.org/jira/browse/MESOS-6106>. The purpose of this
ticket is to validate that the host port a container wants to expose is from
the offered resources, so that we can ensure a container will not expose
an arbitrary host port.

My idea is, we validate `ContainerInfo.NetworkInfo.PortMapping.host_port`
against the offered resources in master ("Master::_accept()") by adding a
new validate method in "src/master/validation.cpp", and in agent, we can
also double check it in the "prepare()" method of CNI isolator.

However, I see for DockerContainerizer, we do the similar validation only in
agent (
https://github.com/apache/mesos/blob/1.0.1/src/docker/docker.cpp#L718:#L729)
but not in master. @Tim Chen, can you please let me know why we did such
validation only in agent but not in master? Is it because
"ContainerInfo.DockerInfo.PortMapping" is DockerContainerizer specific and
we only want to do generic validation in master?

@Jie and @BenM, please also let me know your comments, thanks!


Thanks,
Qian Zhang
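
The check proposed in the message above, as an added example that is not part of the original post and is not Mesos code. PortRange, PortMapping and validateHostPorts are hypothetical stand-ins for the offer's "ports" ranges, ContainerInfo.NetworkInfo.PortMapping and the new validate method; rejecting port 0 and values above 65535 is an assumption added here.

```cpp
#include <cstdint>
#include <iostream>
#include <string>
#include <vector>

// Hypothetical simplified types, NOT the Mesos protobuf messages.
struct PortRange { uint32_t begin; uint32_t end; };  // inclusive bounds
struct PortMapping { uint32_t host_port; uint32_t container_port; };

// Returns an empty string when every host_port lies inside one of the
// offered ranges; otherwise an error describing the first offending mapping.
std::string validateHostPorts(
    const std::vector<PortMapping>& mappings,
    const std::vector<PortRange>& offered)
{
  for (const PortMapping& m : mappings) {
    // Assumption: reject values that cannot be a TCP/UDP port up front.
    if (m.host_port == 0 || m.host_port > 65535) {
      return "host_port " + std::to_string(m.host_port) + " is not a valid port";
    }
    bool covered = false;
    for (const PortRange& r : offered) {
      if (r.begin <= m.host_port && m.host_port <= r.end) {
        covered = true;
        break;
      }
    }
    if (!covered) {
      return "host_port " + std::to_string(m.host_port) +
             " is not in the offered ports resources";
    }
  }
  return "";
}

int main()
{
  // Constructed sample data: an offer with two port ranges.
  std::vector<PortRange> offered = {{31000, 31999}, {40000, 40010}};
  std::vector<PortMapping> ok = {{31500, 80}, {40010, 443}};
  std::vector<PortMapping> bad = {{31500, 80}, {22, 22}};

  std::cout << "ok:  '" << validateHostPorts(ok, offered) << "'\n";
  std::cout << "bad: '" << validateHostPorts(bad, offered) << "'\n";
  return 0;
}
```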
