You are viewing a plain text version of this content. The canonical link for it is here.

Posted to reviews@mesos.apache.org by Qian Zhang <zh...@gmail.com> on 2018/06/20 02:37:36 UTC

Review Request 67662: Allowed mounts if the container is launched in a new mount namespace.

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/67662/
-----------------------------------------------------------

Review request for mesos, Gilbert Song and Jason Lai.


Bugs: MESOS-8327
    https://issues.apache.org/jira/browse/MESOS-8327


Repository: mesos


Description
-------

Allowed mounts if the container is launched in a new mount namespace.


Diffs
-----

  src/slave/containerizer/mesos/launch.cpp cec6558d0ac61bf0fec87d2e101e8f84730a765a 


Diff: https://reviews.apache.org/r/67662/diff/1/


Testing
-------


Thanks,

Qian Zhang

Re: Review Request 67662: Allowed mounts if the container is launched in a new mount namespace.

Posted by Gilbert Song <so...@gmail.com>.

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/67662/#review205321
-----------------------------------------------------------


Ship it!




Ship It!

- Gilbert Song


On June 19, 2018, 7:37 p.m., Qian Zhang wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/67662/
> -----------------------------------------------------------
> 
> (Updated June 19, 2018, 7:37 p.m.)
> 
> 
> Review request for mesos, Gilbert Song and Jason Lai.
> 
> 
> Bugs: MESOS-8327
>     https://issues.apache.org/jira/browse/MESOS-8327
> 
> 
> Repository: mesos
> 
> 
> Description
> -------
> 
> Allowed mounts if the container is launched in a new mount namespace.
> 
> 
> Diffs
> -----
> 
>   src/slave/containerizer/mesos/launch.cpp cec6558d0ac61bf0fec87d2e101e8f84730a765a 
> 
> 
> Diff: https://reviews.apache.org/r/67662/diff/1/
> 
> 
> Testing
> -------
> 
> 
> Thanks,
> 
> Qian Zhang
> 
>

Re: Review Request 67662: Allowed mounts if the container is launched in a new mount namespace.

Posted by Qian Zhang <zh...@gmail.com>.


> On June 23, 2018, 8:07 a.m., Gilbert Song wrote:
> > src/slave/containerizer/mesos/launch.cpp
> > Lines 676-680 (original)
> > <https://reviews.apache.org/r/67662/diff/1/?file=2042649#file2042649line676>
> >
> >     I just created https://issues.apache.org/jira/browse/MESOS-9023
> >     
> >     Could we add a TODO which mention that we want to add this check back once MESOS-9023 is resolved?
> >     
> >     The reason we need this check is mount propagation, see `MountPropagation` protobuf message in mesos.proto. Currently we do allow users to configure whether they want the mounts for a container to propagate back to the host filesystems. We don't want to allow it for command task.

If we do not want to allow the mounts for a container to propagate back to the host filesystems for command task, then we need to ensure there is no mounts with `MS_SHARED` rather than simply disallowing any mounts, right?


- Qian


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/67662/#review205255
-----------------------------------------------------------


On June 20, 2018, 10:37 a.m., Qian Zhang wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/67662/
> -----------------------------------------------------------
> 
> (Updated June 20, 2018, 10:37 a.m.)
> 
> 
> Review request for mesos, Gilbert Song and Jason Lai.
> 
> 
> Bugs: MESOS-8327
>     https://issues.apache.org/jira/browse/MESOS-8327
> 
> 
> Repository: mesos
> 
> 
> Description
> -------
> 
> Allowed mounts if the container is launched in a new mount namespace.
> 
> 
> Diffs
> -----
> 
>   src/slave/containerizer/mesos/launch.cpp cec6558d0ac61bf0fec87d2e101e8f84730a765a 
> 
> 
> Diff: https://reviews.apache.org/r/67662/diff/1/
> 
> 
> Testing
> -------
> 
> 
> Thanks,
> 
> Qian Zhang
> 
>

Re: Review Request 67662: Allowed mounts if the container is launched in a new mount namespace.

Posted by Gilbert Song <so...@gmail.com>.

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/67662/#review205255
-----------------------------------------------------------




src/slave/containerizer/mesos/launch.cpp
Lines 676-680 (original)
<https://reviews.apache.org/r/67662/#comment288180>

    I just created https://issues.apache.org/jira/browse/MESOS-9023
    
    Could we add a TODO which mention that we want to add this check back once MESOS-9023 is resolved?
    
    The reason we need this check is mount propagation, see `MountPropagation` protobuf message in mesos.proto. Currently we do allow users to configure whether they want the mounts for a container to propagate back to the host filesystems. We don't want to allow it for command task.


- Gilbert Song


On June 19, 2018, 7:37 p.m., Qian Zhang wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/67662/
> -----------------------------------------------------------
> 
> (Updated June 19, 2018, 7:37 p.m.)
> 
> 
> Review request for mesos, Gilbert Song and Jason Lai.
> 
> 
> Bugs: MESOS-8327
>     https://issues.apache.org/jira/browse/MESOS-8327
> 
> 
> Repository: mesos
> 
> 
> Description
> -------
> 
> Allowed mounts if the container is launched in a new mount namespace.
> 
> 
> Diffs
> -----
> 
>   src/slave/containerizer/mesos/launch.cpp cec6558d0ac61bf0fec87d2e101e8f84730a765a 
> 
> 
> Diff: https://reviews.apache.org/r/67662/diff/1/
> 
> 
> Testing
> -------
> 
> 
> Thanks,
> 
> Qian Zhang
> 
>

Re: Review Request 67662: Allowed mounts if the container is launched in a new mount namespace.

Posted by Mesos Reviewbot Windows <re...@mesos.apache.org>.

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/67662/#review205044
-----------------------------------------------------------



PASS: Mesos patch 67662 was successfully built and tested.

Reviews applied: `['67662']`

All the build artifacts available at: http://dcos-win.westus.cloudapp.azure.com/mesos-build/review/67662

- Mesos Reviewbot Windows


On June 19, 2018, 7:37 p.m., Qian Zhang wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/67662/
> -----------------------------------------------------------
> 
> (Updated June 19, 2018, 7:37 p.m.)
> 
> 
> Review request for mesos, Gilbert Song and Jason Lai.
> 
> 
> Bugs: MESOS-8327
>     https://issues.apache.org/jira/browse/MESOS-8327
> 
> 
> Repository: mesos
> 
> 
> Description
> -------
> 
> Allowed mounts if the container is launched in a new mount namespace.
> 
> 
> Diffs
> -----
> 
>   src/slave/containerizer/mesos/launch.cpp cec6558d0ac61bf0fec87d2e101e8f84730a765a 
> 
> 
> Diff: https://reviews.apache.org/r/67662/diff/1/
> 
> 
> Testing
> -------
> 
> 
> Thanks,
> 
> Qian Zhang
> 
>