mesos-issues mailing list archives

From "Qian Zhang (JIRA)" <>
Subject [jira] [Updated] (MESOS-7853) Support shared PID namespace.
Date Fri, 04 Aug 2017 01:29:00 GMT


Qian Zhang updated MESOS-7853:
    Sprint: Mesosphere Sprint 61

> Support shared PID namespace.
> -----------------------------
>                 Key: MESOS-7853
>                 URL:
>             Project: Mesos
>          Issue Type: Task
>          Components: containerization
>            Reporter: Gilbert Song
>            Assignee: Qian Zhang
>              Labels: containerizer, mesosphere, namespaces
> Currently, with the 'namespaces/pid' isolator enabled, each container will have its own pid namespace. This does not meet the need for some scenarios. For example, under the same executor container, one task wants to reach out to another task which needs to share the same pid namespace.
> We should support container pid namespace to be configurable. Users can choose one container to share its parent's pid namespace or not.
> User facing API:
> {noformat}
> message LinuxInfo {
>   ......
>   // True if it shares the pid namespace with its parent. If the
>   // container is a top level container, it means share the pid
>   // namespace with the agent. If the container is a nested
>   // container, it means share the pid namespace with its parent
>   // container. This field will be ignored if 'namespaces/pid'
>   // isolator is not enabled.
>   optional bool share_pid_namespace = 4;
> }
> {noformat}
> A new agent flag:
> --disallow_top_level_pid_ns_sharing (defaults to be: false)
> This is a security concern from the operator's perspective. While some of the nested containers share the pid namespace from their parents, the top level containers always do not share the pid ns from the agent.

This message was sent by Atlassian JIRA
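
An added example, not part of the original message or the Mesos code base: a Linux-side audit of the sharing behaviour the ticket describes, done by comparing the `/proc/<pid>/ns/pid` links of container init processes with their parent's (or the agent's). The `Container` record, its field names, and the reading of `--disallow_top_level_pid_ns_sharing` as "a top level container must not share the agent's namespace" are assumptions made for this example.

```python
import os
import re
from typing import NamedTuple, Optional

_NS_LINK = re.compile(r"^pid:\[(\d+)\]$")  # format of the /proc/<pid>/ns/pid symlink


class Container(NamedTuple):      # hypothetical record, not a Mesos type
    container_id: str
    parent_id: Optional[str]      # None for a top level container
    init_pid: int                 # host PID of the container's init process


def pid_ns_inode(pid, proc_root="/proc"):
    """Return the inode number of the PID namespace that `pid` lives in."""
    link = os.readlink(os.path.join(proc_root, str(pid), "ns", "pid"))
    match = _NS_LINK.match(link)
    if match is None:
        raise ValueError(f"unexpected namespace link: {link!r}")
    return int(match.group(1))


def audit_pid_ns_sharing(agent_pid, containers, disallow_top_level, proc_root="/proc"):
    """Report containers that share a PID namespace with their parent.

    Returns (container_id, shares_with, violation) tuples. `violation` is True
    only when a top level container shares the agent's namespace while
    `disallow_top_level` (assumed to mirror the agent flag) is set.
    """
    agent_ns = pid_ns_inode(agent_pid, proc_root)
    ns = {c.container_id: pid_ns_inode(c.init_pid, proc_root) for c in containers}
    findings = []
    for c in containers:
        top_level = c.parent_id is None
        parent_ns = agent_ns if top_level else ns.get(c.parent_id)
        if parent_ns is None:     # parent not in the inventory: cannot compare
            continue
        if ns[c.container_id] == parent_ns:
            shares_with = "agent" if top_level else c.parent_id
            findings.append((c.container_id, shares_with, top_level and disallow_top_level))
    return findings


if __name__ == "__main__":
    # Constructed demo (Linux only): this process plays both agent and container,
    # so it is reported as a top level container sharing the agent's namespace.
    demo = [Container("demo-top-level", None, os.getpid())]
    print(audit_pid_ns_sharing(os.getpid(), demo, disallow_top_level=True))
```

Two processes are in the same PID namespace exactly when these links carry the same inode number, so the comparison needs no Mesos API access, only read access to the processes' `/proc` entries.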