Posted to commits@mesos.apache.org by gi...@apache.org on 2018/08/14 23:57:59 UTC
[mesos] 07/10: Updated `volume/secret` isolator to honor volume
mode.
This is an automated email from the ASF dual-hosted git repository.
gilbert pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/mesos.git
commit 085e8419830fa208d3ee982000426bb4cd651798
Author: Qian Zhang <zh...@gmail.com>
AuthorDate: Tue Aug 14 16:19:34 2018 -0700
Updated `volume/secret` isolator to honor volume mode.
Review: https://reviews.apache.org/r/68219/
---
src/slave/containerizer/mesos/isolators/volume/secret.cpp | 13 +++++++++++++
1 file changed, 13 insertions(+)
diff --git a/src/slave/containerizer/mesos/isolators/volume/secret.cpp b/src/slave/containerizer/mesos/isolators/volume/secret.cpp
index 663aafc..7a9bb82 100644
--- a/src/slave/containerizer/mesos/isolators/volume/secret.cpp
+++ b/src/slave/containerizer/mesos/isolators/volume/secret.cpp
@@ -276,6 +276,19 @@ Future<Option<ContainerLaunchInfo>> VolumeSecretIsolatorProcess::prepare(
command->add_arguments(sandboxSecretPath);
command->add_arguments(targetContainerPath);
+ // If the mount needs to be read-only, do a remount.
+ if (volume.mode() == Volume::RO) {
+ command = launchInfo.add_pre_exec_commands();
+ command->set_shell(false);
+ command->set_value("mount");
+ command->add_arguments("mount");
+ command->add_arguments("-n");
+ command->add_arguments("-o");
+ command->add_arguments("bind,ro,remount");
+ command->add_arguments(sandboxSecretPath);
+ command->add_arguments(targetContainerPath);
+ }
+
Future<Nothing> future = secretResolver->resolve(secret)
.then([hostSecretPath](const Secret::Value& value) -> Future<Nothing> {
Try<Nothing> writeSecret = os::write(hostSecretPath, value.data());
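Review bot: The read-only remount in the `Volume::RO` branch covers only the bind mount at `targetContainerPath`; the source mount at `sandboxSecretPath` keeps its original mode. If the task can reach that sandbox path (not visible in this hunk), a secret declared read-only may still be writable there, so it is worth confirming, and covering with a test, that the source is not exposed read-write. The remount also passes only `bind,ro,remount`, which on Linux can clear per-mount flags such as `nosuid`, `nodev` and `noexec` if the source mount carried them; if it does, add them to the option string. The comment could state why two steps are needed, for example `// The kernel ignores the read-only flag on the initial bind mount, so apply it with a remount; this affects only targetContainerPath.` The body of `prepare()` starts and ends outside the hunk.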