mesos-reviews mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jie Yu" <yujie....@gmail.com>
Subject Review Request 36930: Forced the network isolator to use the mount namespace.
Date Thu, 30 Jul 2015 00:19:22 GMT

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/36930/
-----------------------------------------------------------

Review request for mesos, Chi Zhang and Vinod Kone.


Repository: mesos


Description
-------

Forced the network isolator to use the mount namespace.

The code of the network isolator actually relies on the fact that the child is in a seprate
mount namespace. For example:
https://github.com/apache/mesos/blob/master/src/slave/containerizer/isolators/network/port_mapping.cpp#L1527
https://github.com/apache/mesos/blob/master/src/slave/containerizer/isolators/network/port_mapping.cpp#L3533

It originally depends on mount namespace, but was removed in this patch:
https://reviews.apache.org/r/26274

That was a bug to me. It didn't cause any issue because we don't clone the mounts (since we
are not using mount namespace) anymore after the above patch. So the kernel won't have an
extra reference to the mount when we try to umount it in `_cleanup()`.


Diffs
-----

  src/slave/containerizer/isolators/network/port_mapping.cpp 3f6e9df8711995d0dd3903c6170fdd5ad61aac5a


Diff: https://reviews.apache.org/r/36930/diff/


Testing
-------

sudo make check


Thanks,

Jie Yu


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message