You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@mesos.apache.org by ji...@apache.org on 2016/02/11 02:38:08 UTC
[6/6] mesos git commit: Prevented linux fs isolator mounting rootfs
for command executor.
Prevented linux fs isolator mounting rootfs for command executor.
Review: https://reviews.apache.org/r/43456/
Project: http://git-wip-us.apache.org/repos/asf/mesos/repo
Commit: http://git-wip-us.apache.org/repos/asf/mesos/commit/e8440580
Tree: http://git-wip-us.apache.org/repos/asf/mesos/tree/e8440580
Diff: http://git-wip-us.apache.org/repos/asf/mesos/diff/e8440580
Branch: refs/heads/master
Commit: e84405800103866941215be7bfc486ddf0b56191
Parents: 38df717
Author: Gilbert Song <so...@gmail.com>
Authored: Wed Feb 10 16:55:40 2016 -0800
Committer: Jie Yu <yu...@gmail.com>
Committed: Wed Feb 10 16:55:40 2016 -0800
----------------------------------------------------------------------
include/mesos/slave/isolator.proto | 3 +++
src/slave/containerizer/mesos/isolators/filesystem/linux.cpp | 6 +++---
2 files changed, 6 insertions(+), 3 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/mesos/blob/e8440580/include/mesos/slave/isolator.proto
----------------------------------------------------------------------
diff --git a/include/mesos/slave/isolator.proto b/include/mesos/slave/isolator.proto
index 5a44b68..60a9bb6 100644
--- a/include/mesos/slave/isolator.proto
+++ b/include/mesos/slave/isolator.proto
@@ -77,6 +77,9 @@ message ContainerConfig {
// The user the task will be run as.
optional string user = 4;
+ // NOTE: 'rootfs' and 'docker' below are for the executor in custom
+ // executor case, and they are for the task in command task case.
+
// The root filesystem for the container.
optional string rootfs = 5;
http://git-wip-us.apache.org/repos/asf/mesos/blob/e8440580/src/slave/containerizer/mesos/isolators/filesystem/linux.cpp
----------------------------------------------------------------------
diff --git a/src/slave/containerizer/mesos/isolators/filesystem/linux.cpp b/src/slave/containerizer/mesos/isolators/filesystem/linux.cpp
index b9615be..7fdf518 100644
--- a/src/slave/containerizer/mesos/isolators/filesystem/linux.cpp
+++ b/src/slave/containerizer/mesos/isolators/filesystem/linux.cpp
@@ -278,7 +278,7 @@ Future<Option<ContainerLaunchInfo>> LinuxFilesystemIsolatorProcess::prepare(
ContainerLaunchInfo launchInfo;
launchInfo.set_namespaces(CLONE_NEWNS);
- if (containerConfig.has_rootfs()) {
+ if (!containerConfig.has_task_info() && containerConfig.has_rootfs()) {
// If the container changes its root filesystem, we need to mount
// the container's work directory into its root filesystem
// (creating it if needed) so that the executor and the task can
@@ -462,7 +462,7 @@ Try<string> LinuxFilesystemIsolatorProcess::script(
string target;
if (strings::startsWith(volume.container_path(), "/")) {
- if (containerConfig.has_rootfs()) {
+ if (!containerConfig.has_task_info() && containerConfig.has_rootfs()) {
target = path::join(
containerConfig.rootfs(),
volume.container_path());
@@ -481,7 +481,7 @@ Try<string> LinuxFilesystemIsolatorProcess::script(
// 'rootfs' because a user can potentially use a container path
// like '/../../abc'.
} else {
- if (containerConfig.has_rootfs()) {
+ if (!containerConfig.has_task_info() && containerConfig.has_rootfs()) {
target = path::join(containerConfig.rootfs(),
flags.sandbox_directory,
volume.container_path());