Posted to reviews@mesos.apache.org by Jie Yu <yu...@gmail.com> on 2016/03/31 03:47:24 UTC

Review Request 45520: Fixed the bind mount root issue in port mapping isolator.

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/45520/
-----------------------------------------------------------

Review request for mesos, Ian Downes and Cong Wang.


Bugs: MESOS-4662
    https://issues.apache.org/jira/browse/MESOS-4662


Repository: mesos


Description
-------

Fixed the bind mount root issue in port mapping isolator. This patch fixed two issues:
1) no longer assume /var/run/netns is a realpath
2) made sure /var/run/netns is a shared mount in its own mount peer group


Diffs
-----

  src/slave/containerizer/mesos/isolators/network/port_mapping.hpp 0fe2f486eb733acf738c1c61fc44f820d7401afc 
  src/slave/containerizer/mesos/isolators/network/port_mapping.cpp 323c84a3d960a196d8ba87f753814e9d43a07957 
  src/tests/containerizer/port_mapping_tests.cpp e062daa9fcfc776144b48325daa1f1284c5e59a4 

Diff: https://reviews.apache.org/r/45520/diff/


Testing
-------

sudo make check on Fedora23


Thanks,

Jie Yu


Re: Review Request 45520: Used realpath for the bind mount root in port mapping isolator.

Posted by Cong Wang <xi...@gmail.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/45520/#review126871
-----------------------------------------------------------


Ship it!




You don't have to pass the real path to all the places, other places than the mount table checking should be fine. But I am totally fine with this patch too.

Please consider backporting this to other releases.

- Cong Wang


On April 4, 2016, 5:29 p.m., Jie Yu wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/45520/
> -----------------------------------------------------------
> 
> (Updated April 4, 2016, 5:29 p.m.)
> 
> 
> Review request for mesos, Ian Downes and Cong Wang.
> 
> 
> Bugs: MESOS-4662
>     https://issues.apache.org/jira/browse/MESOS-4662
> 
> 
> Repository: mesos
> 
> 
> Description
> -------
> 
> Used realpath for the bind mount root in port mapping isolator.
> 
> 
> Diffs
> -----
> 
>   src/slave/containerizer/mesos/isolators/network/port_mapping.hpp 0fe2f486eb733acf738c1c61fc44f820d7401afc 
>   src/slave/containerizer/mesos/isolators/network/port_mapping.cpp 323c84a3d960a196d8ba87f753814e9d43a07957 
>   src/tests/containerizer/port_mapping_tests.cpp e062daa9fcfc776144b48325daa1f1284c5e59a4 
> 
> Diff: https://reviews.apache.org/r/45520/diff/
> 
> 
> Testing
> -------
> 
> sudo make check on Fedora23
> 
> 
> Thanks,
> 
> Jie Yu
> 
>


Re: Review Request 45520: Used realpath for the bind mount root in port mapping isolator.

Posted by Jie Yu <yu...@gmail.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/45520/
-----------------------------------------------------------

(Updated April 4, 2016, 5:29 p.m.)


Review request for mesos, Ian Downes and Cong Wang.


Changes
-------

Split the patch per review comments.


Summary (updated)
-----------------

Used realpath for the bind mount root in port mapping isolator.


Bugs: MESOS-4662
    https://issues.apache.org/jira/browse/MESOS-4662


Repository: mesos


Description (updated)
-------

Used realpath for the bind mount root in port mapping isolator.


Diffs (updated)
-----

  src/slave/containerizer/mesos/isolators/network/port_mapping.hpp 0fe2f486eb733acf738c1c61fc44f820d7401afc 
  src/slave/containerizer/mesos/isolators/network/port_mapping.cpp 323c84a3d960a196d8ba87f753814e9d43a07957 
  src/tests/containerizer/port_mapping_tests.cpp e062daa9fcfc776144b48325daa1f1284c5e59a4 

Diff: https://reviews.apache.org/r/45520/diff/


Testing
-------

sudo make check on Fedora23


Thanks,

Jie Yu


Re: Review Request 45520: Fixed the bind mount root issue in port mapping isolator.

Posted by Jie Yu <yu...@gmail.com>.

> On March 31, 2016, 5:59 p.m., Cong Wang wrote:
> > Why /var/run/netns could be in the same mount peer group with its parent? At least on fedora21 this is not the case.
> > 
> > Also, why do you fix two bugs in one patch? I know you don't care about bisect, but even so this is still not a good practice at all.
> 
> Jie Yu wrote:
>     I'll split the patch. Regarding the mount peer groups issue, here is the test I did on fedora23:
>     ```
>     [vagrant@localhost build]$ cat /proc/self/mountinfo 
>     17 58 0:17 / /sys rw,nosuid,nodev,noexec,relatime shared:6 - sysfs sysfs rw,seclabel
>     18 58 0:4 / /proc rw,nosuid,nodev,noexec,relatime shared:5 - proc proc rw
>     19 58 0:6 / /dev rw,nosuid shared:2 - devtmpfs devtmpfs rw,seclabel,size=4076012k,nr_inodes=1019003,mode=755
>     20 17 0:18 / /sys/kernel/security rw,nosuid,nodev,noexec,relatime shared:7 - securityfs securityfs rw
>     21 19 0:19 / /dev/shm rw,nosuid,nodev shared:3 - tmpfs tmpfs rw,seclabel
>     22 19 0:13 / /dev/pts rw,nosuid,noexec,relatime shared:4 - devpts devpts rw,seclabel,gid=5,mode=620,ptmxmode=000
>     23 58 0:20 / /run rw,nosuid,nodev shared:22 - tmpfs tmpfs rw,seclabel,mode=755
>     24 17 0:21 / /sys/fs/cgroup ro,nosuid,nodev,noexec shared:8 - tmpfs tmpfs ro,seclabel,mode=755
>     25 24 0:22 / /sys/fs/cgroup/systemd rw,nosuid,nodev,noexec,relatime shared:9 - cgroup cgroup rw,xattr,release_agent=/usr/lib/systemd/systemd-cgroups-agent,name=systemd
>     26 17 0:23 / /sys/fs/pstore rw,nosuid,nodev,noexec,relatime shared:19 - pstore pstore rw,seclabel
>     27 24 0:24 / /sys/fs/cgroup/blkio rw,nosuid,nodev,noexec,relatime shared:10 - cgroup cgroup rw,blkio
>     28 24 0:25 / /sys/fs/cgroup/net_cls,net_prio rw,nosuid,nodev,noexec,relatime shared:11 - cgroup cgroup rw,net_cls,net_prio
>     29 24 0:26 / /sys/fs/cgroup/freezer rw,nosuid,nodev,noexec,relatime shared:12 - cgroup cgroup rw,freezer
>     30 24 0:27 / /sys/fs/cgroup/memory rw,nosuid,nodev,noexec,relatime shared:13 - cgroup cgroup rw,memory
>     31 24 0:28 / /sys/fs/cgroup/perf_event rw,nosuid,nodev,noexec,relatime shared:14 - cgroup cgroup rw,perf_event
>     32 24 0:29 / /sys/fs/cgroup/cpu,cpuacct rw,nosuid,nodev,noexec,relatime shared:15 - cgroup cgroup rw,cpu,cpuacct
>     33 24 0:30 / /sys/fs/cgroup/devices rw,nosuid,nodev,noexec,relatime shared:16 - cgroup cgroup rw,devices
>     34 24 0:31 / /sys/fs/cgroup/hugetlb rw,nosuid,nodev,noexec,relatime shared:17 - cgroup cgroup rw,hugetlb
>     35 24 0:32 / /sys/fs/cgroup/cpuset rw,nosuid,nodev,noexec,relatime shared:18 - cgroup cgroup rw,cpuset
>     56 17 0:33 / /sys/kernel/config rw,relatime shared:20 - configfs configfs rw
>     58 0 8:1 / / rw,relatime shared:1 - ext4 /dev/sda1 rw,seclabel,data=ordered
>     36 17 0:16 / /sys/fs/selinux rw,relatime shared:21 - selinuxfs selinuxfs rw
>     37 18 0:34 / /proc/sys/fs/binfmt_misc rw,relatime shared:23 - autofs systemd-1 rw,fd=30,pgrp=1,timeout=0,minproto=5,maxproto=5,direct
>     38 19 0:35 / /dev/hugepages rw,relatime shared:24 - hugetlbfs hugetlbfs rw,seclabel
>     39 19 0:15 / /dev/mqueue rw,relatime shared:25 - mqueue mqueue rw,seclabel
>     40 17 0:7 / /sys/kernel/debug rw,relatime shared:26 - debugfs debugfs rw,seclabel
>     70 23 0:36 / /run/user/1001 rw,nosuid,nodev,relatime shared:27 - tmpfs tmpfs rw,seclabel,size=817560k,mode=700,uid=1001,gid=1001
>     [vagrant@localhost build]$ sudo mount^C
>     [vagrant@localhost build]$ sudo mkdir /run/netns
>     [vagrant@localhost build]$ sudo mount --bind /run/netns /run/netns
>     [vagrant@localhost build]$ cat /proc/self/mountinfo 
>     17 58 0:17 / /sys rw,nosuid,nodev,noexec,relatime shared:6 - sysfs sysfs rw,seclabel
>     18 58 0:4 / /proc rw,nosuid,nodev,noexec,relatime shared:5 - proc proc rw
>     19 58 0:6 / /dev rw,nosuid shared:2 - devtmpfs devtmpfs rw,seclabel,size=4076012k,nr_inodes=1019003,mode=755
>     20 17 0:18 / /sys/kernel/security rw,nosuid,nodev,noexec,relatime shared:7 - securityfs securityfs rw
>     21 19 0:19 / /dev/shm rw,nosuid,nodev shared:3 - tmpfs tmpfs rw,seclabel
>     22 19 0:13 / /dev/pts rw,nosuid,noexec,relatime shared:4 - devpts devpts rw,seclabel,gid=5,mode=620,ptmxmode=000
>     23 58 0:20 / /run rw,nosuid,nodev shared:22 - tmpfs tmpfs rw,seclabel,mode=755
>     24 17 0:21 / /sys/fs/cgroup ro,nosuid,nodev,noexec shared:8 - tmpfs tmpfs ro,seclabel,mode=755
>     25 24 0:22 / /sys/fs/cgroup/systemd rw,nosuid,nodev,noexec,relatime shared:9 - cgroup cgroup rw,xattr,release_agent=/usr/lib/systemd/systemd-cgroups-agent,name=systemd
>     26 17 0:23 / /sys/fs/pstore rw,nosuid,nodev,noexec,relatime shared:19 - pstore pstore rw,seclabel
>     27 24 0:24 / /sys/fs/cgroup/blkio rw,nosuid,nodev,noexec,relatime shared:10 - cgroup cgroup rw,blkio
>     28 24 0:25 / /sys/fs/cgroup/net_cls,net_prio rw,nosuid,nodev,noexec,relatime shared:11 - cgroup cgroup rw,net_cls,net_prio
>     29 24 0:26 / /sys/fs/cgroup/freezer rw,nosuid,nodev,noexec,relatime shared:12 - cgroup cgroup rw,freezer
>     30 24 0:27 / /sys/fs/cgroup/memory rw,nosuid,nodev,noexec,relatime shared:13 - cgroup cgroup rw,memory
>     31 24 0:28 / /sys/fs/cgroup/perf_event rw,nosuid,nodev,noexec,relatime shared:14 - cgroup cgroup rw,perf_event
>     32 24 0:29 / /sys/fs/cgroup/cpu,cpuacct rw,nosuid,nodev,noexec,relatime shared:15 - cgroup cgroup rw,cpu,cpuacct
>     33 24 0:30 / /sys/fs/cgroup/devices rw,nosuid,nodev,noexec,relatime shared:16 - cgroup cgroup rw,devices
>     34 24 0:31 / /sys/fs/cgroup/hugetlb rw,nosuid,nodev,noexec,relatime shared:17 - cgroup cgroup rw,hugetlb
>     35 24 0:32 / /sys/fs/cgroup/cpuset rw,nosuid,nodev,noexec,relatime shared:18 - cgroup cgroup rw,cpuset
>     56 17 0:33 / /sys/kernel/config rw,relatime shared:20 - configfs configfs rw
>     58 0 8:1 / / rw,relatime shared:1 - ext4 /dev/sda1 rw,seclabel,data=ordered
>     36 17 0:16 / /sys/fs/selinux rw,relatime shared:21 - selinuxfs selinuxfs rw
>     37 18 0:34 / /proc/sys/fs/binfmt_misc rw,relatime shared:23 - autofs systemd-1 rw,fd=30,pgrp=1,timeout=0,minproto=5,maxproto=5,direct
>     38 19 0:35 / /dev/hugepages rw,relatime shared:24 - hugetlbfs hugetlbfs rw,seclabel
>     39 19 0:15 / /dev/mqueue rw,relatime shared:25 - mqueue mqueue rw,seclabel
>     40 17 0:7 / /sys/kernel/debug rw,relatime shared:26 - debugfs debugfs rw,seclabel
>     70 23 0:36 / /run/user/1001 rw,nosuid,nodev,relatime shared:27 - tmpfs tmpfs rw,seclabel,size=817560k,mode=700,uid=1001,gid=1001
>     72 23 0:20 /netns /run/netns rw,nosuid,nodev shared:22 - tmpfs tmpfs rw,seclabel,mode=755
>     [vagrant@localhost build]$ sudo mount --make-shared /run/netns
>     [vagrant@localhost build]$ cat /proc/self/mountinfo 
>     17 58 0:17 / /sys rw,nosuid,nodev,noexec,relatime shared:6 - sysfs sysfs rw,seclabel
>     18 58 0:4 / /proc rw,nosuid,nodev,noexec,relatime shared:5 - proc proc rw
>     19 58 0:6 / /dev rw,nosuid shared:2 - devtmpfs devtmpfs rw,seclabel,size=4076012k,nr_inodes=1019003,mode=755
>     20 17 0:18 / /sys/kernel/security rw,nosuid,nodev,noexec,relatime shared:7 - securityfs securityfs rw
>     21 19 0:19 / /dev/shm rw,nosuid,nodev shared:3 - tmpfs tmpfs rw,seclabel
>     22 19 0:13 / /dev/pts rw,nosuid,noexec,relatime shared:4 - devpts devpts rw,seclabel,gid=5,mode=620,ptmxmode=000
>     23 58 0:20 / /run rw,nosuid,nodev shared:22 - tmpfs tmpfs rw,seclabel,mode=755
>     24 17 0:21 / /sys/fs/cgroup ro,nosuid,nodev,noexec shared:8 - tmpfs tmpfs ro,seclabel,mode=755
>     25 24 0:22 / /sys/fs/cgroup/systemd rw,nosuid,nodev,noexec,relatime shared:9 - cgroup cgroup rw,xattr,release_agent=/usr/lib/systemd/systemd-cgroups-agent,name=systemd
>     26 17 0:23 / /sys/fs/pstore rw,nosuid,nodev,noexec,relatime shared:19 - pstore pstore rw,seclabel
>     27 24 0:24 / /sys/fs/cgroup/blkio rw,nosuid,nodev,noexec,relatime shared:10 - cgroup cgroup rw,blkio
>     28 24 0:25 / /sys/fs/cgroup/net_cls,net_prio rw,nosuid,nodev,noexec,relatime shared:11 - cgroup cgroup rw,net_cls,net_prio
>     29 24 0:26 / /sys/fs/cgroup/freezer rw,nosuid,nodev,noexec,relatime shared:12 - cgroup cgroup rw,freezer
>     30 24 0:27 / /sys/fs/cgroup/memory rw,nosuid,nodev,noexec,relatime shared:13 - cgroup cgroup rw,memory
>     31 24 0:28 / /sys/fs/cgroup/perf_event rw,nosuid,nodev,noexec,relatime shared:14 - cgroup cgroup rw,perf_event
>     32 24 0:29 / /sys/fs/cgroup/cpu,cpuacct rw,nosuid,nodev,noexec,relatime shared:15 - cgroup cgroup rw,cpu,cpuacct
>     33 24 0:30 / /sys/fs/cgroup/devices rw,nosuid,nodev,noexec,relatime shared:16 - cgroup cgroup rw,devices
>     34 24 0:31 / /sys/fs/cgroup/hugetlb rw,nosuid,nodev,noexec,relatime shared:17 - cgroup cgroup rw,hugetlb
>     35 24 0:32 / /sys/fs/cgroup/cpuset rw,nosuid,nodev,noexec,relatime shared:18 - cgroup cgroup rw,cpuset
>     56 17 0:33 / /sys/kernel/config rw,relatime shared:20 - configfs configfs rw
>     58 0 8:1 / / rw,relatime shared:1 - ext4 /dev/sda1 rw,seclabel,data=ordered
>     36 17 0:16 / /sys/fs/selinux rw,relatime shared:21 - selinuxfs selinuxfs rw
>     37 18 0:34 / /proc/sys/fs/binfmt_misc rw,relatime shared:23 - autofs systemd-1 rw,fd=30,pgrp=1,timeout=0,minproto=5,maxproto=5,direct
>     38 19 0:35 / /dev/hugepages rw,relatime shared:24 - hugetlbfs hugetlbfs rw,seclabel
>     39 19 0:15 / /dev/mqueue rw,relatime shared:25 - mqueue mqueue rw,seclabel
>     40 17 0:7 / /sys/kernel/debug rw,relatime shared:26 - debugfs debugfs rw,seclabel
>     70 23 0:36 / /run/user/1001 rw,nosuid,nodev,relatime shared:27 - tmpfs tmpfs rw,seclabel,size=817560k,mode=700,uid=1001,gid=1001
>     72 23 0:20 /netns /run/netns rw,nosuid,nodev shared:22 - tmpfs tmpfs rw,seclabel,mode=755
>     ```
> 
> Cong Wang wrote:
>     My point is who makes the peer group change? Is that the distro? If not, admin/user can always do whatever they want, it doesn't make much sense to fix a user-specific case. If it is distro, we have to fix it, like the symlink case.

Yeah, different Linux distros have different defaults.

On centos7/fedora23, '/' (and all other default mounts) are shared mounts.
On Ubuntu14.04, '/' (and all other default mounts) are private mounts.


- Jie


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/45520/#review126372
-----------------------------------------------------------


On March 31, 2016, 1:47 a.m., Jie Yu wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/45520/
> -----------------------------------------------------------
> 
> (Updated March 31, 2016, 1:47 a.m.)
> 
> 
> Review request for mesos, Ian Downes and Cong Wang.
> 
> 
> Bugs: MESOS-4662
>     https://issues.apache.org/jira/browse/MESOS-4662
> 
> 
> Repository: mesos
> 
> 
> Description
> -------
> 
> Fixed the bind mount root issue in port mapping isolator. This patch fixed two issues:
> 1) no longer assume /var/run/netns is a realpath
> 2) made sure /var/run/netns is a shared mount in its own mount peer group
> 
> 
> Diffs
> -----
> 
>   src/slave/containerizer/mesos/isolators/network/port_mapping.hpp 0fe2f486eb733acf738c1c61fc44f820d7401afc 
>   src/slave/containerizer/mesos/isolators/network/port_mapping.cpp 323c84a3d960a196d8ba87f753814e9d43a07957 
>   src/tests/containerizer/port_mapping_tests.cpp e062daa9fcfc776144b48325daa1f1284c5e59a4 
> 
> Diff: https://reviews.apache.org/r/45520/diff/
> 
> 
> Testing
> -------
> 
> sudo make check on Fedora23
> 
> 
> Thanks,
> 
> Jie Yu
> 
>
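
The check this exchange turns on, as an added example (not code from the patch or from Mesos): parse /proc/self/mountinfo, look the bind mount root up by its resolved path, and report whether it is a shared mount in a peer group of its own. The function names, the demo_resolve helper (which assumes /var/run is a symlink to /run) and the second and third sample tables are constructed for illustration.

```python
import os
import re
from dataclasses import dataclass
from typing import Callable, Dict, Optional

# Three lines kept from the Fedora 23 session quoted in the thread, as they
# read after `mount --bind` and `mount --make-shared`.
FEDORA_AFTER_MAKE_SHARED = """\
58 0 8:1 / / rw,relatime shared:1 - ext4 /dev/sda1 rw,seclabel,data=ordered
23 58 0:20 / /run rw,nosuid,nodev shared:22 - tmpfs tmpfs rw,seclabel,mode=755
72 23 0:20 /netns /run/netns rw,nosuid,nodev shared:22 - tmpfs tmpfs rw,seclabel,mode=755
"""

# Constructed: the same table with the bind mount in a peer group of its own
# (the ID 28 is made up for this example).
OWN_PEER_GROUP = FEDORA_AFTER_MAKE_SHARED.replace(
    "/run/netns rw,nosuid,nodev shared:22",
    "/run/netns rw,nosuid,nodev shared:28")

# Constructed: a host whose default mounts are private, so no "shared:N" tag.
PRIVATE_DEFAULTS = """\
20 1 8:1 / / rw,relatime - ext4 /dev/sda1 rw
21 20 0:17 / /run rw,nosuid - tmpfs tmpfs rw
40 21 0:17 /netns /run/netns rw,nosuid - tmpfs tmpfs rw
"""


@dataclass(frozen=True)
class Mount:
    mount_id: int
    parent_id: int
    root: str
    target: str
    shared: Optional[int]  # peer group ID from "shared:N", None if not shared


_OCTAL = re.compile(r"\\([0-7]{3})")


def _unescape(field: str) -> str:
    # mountinfo writes space, tab, newline and backslash as \ooo octal escapes.
    return _OCTAL.sub(lambda m: chr(int(m.group(1), 8)), field)


def parse_mountinfo(text: str) -> Dict[int, Mount]:
    """Parse mountinfo text into {mount ID: Mount}, keeping file order."""
    table: Dict[int, Mount] = {}
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        try:
            # Optional fields start at index 6 and end at a lone "-".
            sep = fields.index("-", 6)
        except ValueError:
            raise ValueError("malformed mountinfo line: %r" % line)
        tags = dict(f.split(":", 1) for f in fields[6:sep] if ":" in f)
        shared = int(tags["shared"]) if "shared" in tags else None
        mount = Mount(int(fields[0]), int(fields[1]),
                      _unescape(fields[3]), _unescape(fields[4]), shared)
        table[mount.mount_id] = mount
    return table


def demo_resolve(path: str) -> str:
    """Constructed stand-in for os.path.realpath where /var/run -> /run."""
    if path == "/var/run" or path.startswith("/var/run/"):
        return "/run" + path[len("/var/run"):]
    return path


def check_bind_root(mountinfo: str, path: str,
                    resolve: Callable[[str], str] = os.path.realpath) -> str:
    """Classify `path` as a bind mount root.

    Returns "not-a-mount", "not-shared", "peer-group-shared-with:<targets>"
    or "ok" (shared, and no other mount in the table has its peer group ID).
    """
    real = resolve(path)  # the mount table only ever lists resolved paths
    table = parse_mountinfo(mountinfo)
    entry = None
    for mount in table.values():
        if mount.target == real:
            entry = mount  # a later mount on the same target shadows earlier ones
    if entry is None:
        return "not-a-mount"
    if entry.shared is None:
        return "not-shared"
    peers = sorted(m.target for m in table.values()
                   if m is not entry and m.shared == entry.shared)
    if peers:
        return "peer-group-shared-with:" + ",".join(peers)
    return "ok"


if __name__ == "__main__":
    for name, table in [("fedora", FEDORA_AFTER_MAKE_SHARED),
                        ("own-group", OWN_PEER_GROUP),
                        ("private", PRIVATE_DEFAULTS)]:
        print(name, check_bind_root(table, "/var/run/netns", demo_resolve))
```

On a live host, pass the contents of /proc/self/mountinfo and leave resolve at its default.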


Re: Review Request 45520: Fixed the bind mount root issue in port mapping isolator.

Posted by Cong Wang <xi...@gmail.com>.

> On March 31, 2016, 5:59 p.m., Cong Wang wrote:
> > Why /var/run/netns could be in the same mount peer group with its parent? At least on fedora21 this is not the case.
> > 
> > Also, why do you fix two bugs in one patch? I know you don't care about bisect, but even so this is still not a good practice at all.
> 
> Jie Yu wrote:
>     I'll split the patch. Regarding the mount peer groups issue, here is the test I did on fedora23:
>     ```
>     [vagrant@localhost build]$ cat /proc/self/mountinfo 
>     17 58 0:17 / /sys rw,nosuid,nodev,noexec,relatime shared:6 - sysfs sysfs rw,seclabel
>     18 58 0:4 / /proc rw,nosuid,nodev,noexec,relatime shared:5 - proc proc rw
>     19 58 0:6 / /dev rw,nosuid shared:2 - devtmpfs devtmpfs rw,seclabel,size=4076012k,nr_inodes=1019003,mode=755
>     20 17 0:18 / /sys/kernel/security rw,nosuid,nodev,noexec,relatime shared:7 - securityfs securityfs rw
>     21 19 0:19 / /dev/shm rw,nosuid,nodev shared:3 - tmpfs tmpfs rw,seclabel
>     22 19 0:13 / /dev/pts rw,nosuid,noexec,relatime shared:4 - devpts devpts rw,seclabel,gid=5,mode=620,ptmxmode=000
>     23 58 0:20 / /run rw,nosuid,nodev shared:22 - tmpfs tmpfs rw,seclabel,mode=755
>     24 17 0:21 / /sys/fs/cgroup ro,nosuid,nodev,noexec shared:8 - tmpfs tmpfs ro,seclabel,mode=755
>     25 24 0:22 / /sys/fs/cgroup/systemd rw,nosuid,nodev,noexec,relatime shared:9 - cgroup cgroup rw,xattr,release_agent=/usr/lib/systemd/systemd-cgroups-agent,name=systemd
>     26 17 0:23 / /sys/fs/pstore rw,nosuid,nodev,noexec,relatime shared:19 - pstore pstore rw,seclabel
>     27 24 0:24 / /sys/fs/cgroup/blkio rw,nosuid,nodev,noexec,relatime shared:10 - cgroup cgroup rw,blkio
>     28 24 0:25 / /sys/fs/cgroup/net_cls,net_prio rw,nosuid,nodev,noexec,relatime shared:11 - cgroup cgroup rw,net_cls,net_prio
>     29 24 0:26 / /sys/fs/cgroup/freezer rw,nosuid,nodev,noexec,relatime shared:12 - cgroup cgroup rw,freezer
>     30 24 0:27 / /sys/fs/cgroup/memory rw,nosuid,nodev,noexec,relatime shared:13 - cgroup cgroup rw,memory
>     31 24 0:28 / /sys/fs/cgroup/perf_event rw,nosuid,nodev,noexec,relatime shared:14 - cgroup cgroup rw,perf_event
>     32 24 0:29 / /sys/fs/cgroup/cpu,cpuacct rw,nosuid,nodev,noexec,relatime shared:15 - cgroup cgroup rw,cpu,cpuacct
>     33 24 0:30 / /sys/fs/cgroup/devices rw,nosuid,nodev,noexec,relatime shared:16 - cgroup cgroup rw,devices
>     34 24 0:31 / /sys/fs/cgroup/hugetlb rw,nosuid,nodev,noexec,relatime shared:17 - cgroup cgroup rw,hugetlb
>     35 24 0:32 / /sys/fs/cgroup/cpuset rw,nosuid,nodev,noexec,relatime shared:18 - cgroup cgroup rw,cpuset
>     56 17 0:33 / /sys/kernel/config rw,relatime shared:20 - configfs configfs rw
>     58 0 8:1 / / rw,relatime shared:1 - ext4 /dev/sda1 rw,seclabel,data=ordered
>     36 17 0:16 / /sys/fs/selinux rw,relatime shared:21 - selinuxfs selinuxfs rw
>     37 18 0:34 / /proc/sys/fs/binfmt_misc rw,relatime shared:23 - autofs systemd-1 rw,fd=30,pgrp=1,timeout=0,minproto=5,maxproto=5,direct
>     38 19 0:35 / /dev/hugepages rw,relatime shared:24 - hugetlbfs hugetlbfs rw,seclabel
>     39 19 0:15 / /dev/mqueue rw,relatime shared:25 - mqueue mqueue rw,seclabel
>     40 17 0:7 / /sys/kernel/debug rw,relatime shared:26 - debugfs debugfs rw,seclabel
>     70 23 0:36 / /run/user/1001 rw,nosuid,nodev,relatime shared:27 - tmpfs tmpfs rw,seclabel,size=817560k,mode=700,uid=1001,gid=1001
>     [vagrant@localhost build]$ sudo mount^C
>     [vagrant@localhost build]$ sudo mkdir /run/netns
>     [vagrant@localhost build]$ sudo mount --bind /run/netns /run/netns
>     [vagrant@localhost build]$ cat /proc/self/mountinfo 
>     17 58 0:17 / /sys rw,nosuid,nodev,noexec,relatime shared:6 - sysfs sysfs rw,seclabel
>     18 58 0:4 / /proc rw,nosuid,nodev,noexec,relatime shared:5 - proc proc rw
>     19 58 0:6 / /dev rw,nosuid shared:2 - devtmpfs devtmpfs rw,seclabel,size=4076012k,nr_inodes=1019003,mode=755
>     20 17 0:18 / /sys/kernel/security rw,nosuid,nodev,noexec,relatime shared:7 - securityfs securityfs rw
>     21 19 0:19 / /dev/shm rw,nosuid,nodev shared:3 - tmpfs tmpfs rw,seclabel
>     22 19 0:13 / /dev/pts rw,nosuid,noexec,relatime shared:4 - devpts devpts rw,seclabel,gid=5,mode=620,ptmxmode=000
>     23 58 0:20 / /run rw,nosuid,nodev shared:22 - tmpfs tmpfs rw,seclabel,mode=755
>     24 17 0:21 / /sys/fs/cgroup ro,nosuid,nodev,noexec shared:8 - tmpfs tmpfs ro,seclabel,mode=755
>     25 24 0:22 / /sys/fs/cgroup/systemd rw,nosuid,nodev,noexec,relatime shared:9 - cgroup cgroup rw,xattr,release_agent=/usr/lib/systemd/systemd-cgroups-agent,name=systemd
>     26 17 0:23 / /sys/fs/pstore rw,nosuid,nodev,noexec,relatime shared:19 - pstore pstore rw,seclabel
>     27 24 0:24 / /sys/fs/cgroup/blkio rw,nosuid,nodev,noexec,relatime shared:10 - cgroup cgroup rw,blkio
>     28 24 0:25 / /sys/fs/cgroup/net_cls,net_prio rw,nosuid,nodev,noexec,relatime shared:11 - cgroup cgroup rw,net_cls,net_prio
>     29 24 0:26 / /sys/fs/cgroup/freezer rw,nosuid,nodev,noexec,relatime shared:12 - cgroup cgroup rw,freezer
>     30 24 0:27 / /sys/fs/cgroup/memory rw,nosuid,nodev,noexec,relatime shared:13 - cgroup cgroup rw,memory
>     31 24 0:28 / /sys/fs/cgroup/perf_event rw,nosuid,nodev,noexec,relatime shared:14 - cgroup cgroup rw,perf_event
>     32 24 0:29 / /sys/fs/cgroup/cpu,cpuacct rw,nosuid,nodev,noexec,relatime shared:15 - cgroup cgroup rw,cpu,cpuacct
>     33 24 0:30 / /sys/fs/cgroup/devices rw,nosuid,nodev,noexec,relatime shared:16 - cgroup cgroup rw,devices
>     34 24 0:31 / /sys/fs/cgroup/hugetlb rw,nosuid,nodev,noexec,relatime shared:17 - cgroup cgroup rw,hugetlb
>     35 24 0:32 / /sys/fs/cgroup/cpuset rw,nosuid,nodev,noexec,relatime shared:18 - cgroup cgroup rw,cpuset
>     56 17 0:33 / /sys/kernel/config rw,relatime shared:20 - configfs configfs rw
>     58 0 8:1 / / rw,relatime shared:1 - ext4 /dev/sda1 rw,seclabel,data=ordered
>     36 17 0:16 / /sys/fs/selinux rw,relatime shared:21 - selinuxfs selinuxfs rw
>     37 18 0:34 / /proc/sys/fs/binfmt_misc rw,relatime shared:23 - autofs systemd-1 rw,fd=30,pgrp=1,timeout=0,minproto=5,maxproto=5,direct
>     38 19 0:35 / /dev/hugepages rw,relatime shared:24 - hugetlbfs hugetlbfs rw,seclabel
>     39 19 0:15 / /dev/mqueue rw,relatime shared:25 - mqueue mqueue rw,seclabel
>     40 17 0:7 / /sys/kernel/debug rw,relatime shared:26 - debugfs debugfs rw,seclabel
>     70 23 0:36 / /run/user/1001 rw,nosuid,nodev,relatime shared:27 - tmpfs tmpfs rw,seclabel,size=817560k,mode=700,uid=1001,gid=1001
>     72 23 0:20 /netns /run/netns rw,nosuid,nodev shared:22 - tmpfs tmpfs rw,seclabel,mode=755
>     [vagrant@localhost build]$ sudo mount --make-shared /run/netns
>     [vagrant@localhost build]$ cat /proc/self/mountinfo 
>     17 58 0:17 / /sys rw,nosuid,nodev,noexec,relatime shared:6 - sysfs sysfs rw,seclabel
>     18 58 0:4 / /proc rw,nosuid,nodev,noexec,relatime shared:5 - proc proc rw
>     19 58 0:6 / /dev rw,nosuid shared:2 - devtmpfs devtmpfs rw,seclabel,size=4076012k,nr_inodes=1019003,mode=755
>     20 17 0:18 / /sys/kernel/security rw,nosuid,nodev,noexec,relatime shared:7 - securityfs securityfs rw
>     21 19 0:19 / /dev/shm rw,nosuid,nodev shared:3 - tmpfs tmpfs rw,seclabel
>     22 19 0:13 / /dev/pts rw,nosuid,noexec,relatime shared:4 - devpts devpts rw,seclabel,gid=5,mode=620,ptmxmode=000
>     23 58 0:20 / /run rw,nosuid,nodev shared:22 - tmpfs tmpfs rw,seclabel,mode=755
>     24 17 0:21 / /sys/fs/cgroup ro,nosuid,nodev,noexec shared:8 - tmpfs tmpfs ro,seclabel,mode=755
>     25 24 0:22 / /sys/fs/cgroup/systemd rw,nosuid,nodev,noexec,relatime shared:9 - cgroup cgroup rw,xattr,release_agent=/usr/lib/systemd/systemd-cgroups-agent,name=systemd
>     26 17 0:23 / /sys/fs/pstore rw,nosuid,nodev,noexec,relatime shared:19 - pstore pstore rw,seclabel
>     27 24 0:24 / /sys/fs/cgroup/blkio rw,nosuid,nodev,noexec,relatime shared:10 - cgroup cgroup rw,blkio
>     28 24 0:25 / /sys/fs/cgroup/net_cls,net_prio rw,nosuid,nodev,noexec,relatime shared:11 - cgroup cgroup rw,net_cls,net_prio
>     29 24 0:26 / /sys/fs/cgroup/freezer rw,nosuid,nodev,noexec,relatime shared:12 - cgroup cgroup rw,freezer
>     30 24 0:27 / /sys/fs/cgroup/memory rw,nosuid,nodev,noexec,relatime shared:13 - cgroup cgroup rw,memory
>     31 24 0:28 / /sys/fs/cgroup/perf_event rw,nosuid,nodev,noexec,relatime shared:14 - cgroup cgroup rw,perf_event
>     32 24 0:29 / /sys/fs/cgroup/cpu,cpuacct rw,nosuid,nodev,noexec,relatime shared:15 - cgroup cgroup rw,cpu,cpuacct
>     33 24 0:30 / /sys/fs/cgroup/devices rw,nosuid,nodev,noexec,relatime shared:16 - cgroup cgroup rw,devices
>     34 24 0:31 / /sys/fs/cgroup/hugetlb rw,nosuid,nodev,noexec,relatime shared:17 - cgroup cgroup rw,hugetlb
>     35 24 0:32 / /sys/fs/cgroup/cpuset rw,nosuid,nodev,noexec,relatime shared:18 - cgroup cgroup rw,cpuset
>     56 17 0:33 / /sys/kernel/config rw,relatime shared:20 - configfs configfs rw
>     58 0 8:1 / / rw,relatime shared:1 - ext4 /dev/sda1 rw,seclabel,data=ordered
>     36 17 0:16 / /sys/fs/selinux rw,relatime shared:21 - selinuxfs selinuxfs rw
>     37 18 0:34 / /proc/sys/fs/binfmt_misc rw,relatime shared:23 - autofs systemd-1 rw,fd=30,pgrp=1,timeout=0,minproto=5,maxproto=5,direct
>     38 19 0:35 / /dev/hugepages rw,relatime shared:24 - hugetlbfs hugetlbfs rw,seclabel
>     39 19 0:15 / /dev/mqueue rw,relatime shared:25 - mqueue mqueue rw,seclabel
>     40 17 0:7 / /sys/kernel/debug rw,relatime shared:26 - debugfs debugfs rw,seclabel
>     70 23 0:36 / /run/user/1001 rw,nosuid,nodev,relatime shared:27 - tmpfs tmpfs rw,seclabel,size=817560k,mode=700,uid=1001,gid=1001
>     72 23 0:20 /netns /run/netns rw,nosuid,nodev shared:22 - tmpfs tmpfs rw,seclabel,mode=755
>     ```

My point is who makes the peer group change? Is that the distro? If not, admin/user can always do whatever they want, it doesn't make much sense to fix a user-specific case. If it is distro, we have to fix it, like the symlink case.


- Cong


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/45520/#review126372
-----------------------------------------------------------


On March 31, 2016, 1:47 a.m., Jie Yu wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/45520/
> -----------------------------------------------------------
> 
> (Updated March 31, 2016, 1:47 a.m.)
> 
> 
> Review request for mesos, Ian Downes and Cong Wang.
> 
> 
> Bugs: MESOS-4662
>     https://issues.apache.org/jira/browse/MESOS-4662
> 
> 
> Repository: mesos
> 
> 
> Description
> -------
> 
> Fixed the bind mount root issue in port mapping isolator. This patch fixed two issues:
> 1) no longer assume /var/run/netns is a realpath
> 2) made sure /var/run/netns is a shared mount in its own mount peer group
> 
> 
> Diffs
> -----
> 
>   src/slave/containerizer/mesos/isolators/network/port_mapping.hpp 0fe2f486eb733acf738c1c61fc44f820d7401afc 
>   src/slave/containerizer/mesos/isolators/network/port_mapping.cpp 323c84a3d960a196d8ba87f753814e9d43a07957 
>   src/tests/containerizer/port_mapping_tests.cpp e062daa9fcfc776144b48325daa1f1284c5e59a4 
> 
> Diff: https://reviews.apache.org/r/45520/diff/
> 
> 
> Testing
> -------
> 
> sudo make check on Fedora23
> 
> 
> Thanks,
> 
> Jie Yu
> 
>


Re: Review Request 45520: Fixed the bind mount root issue in port mapping isolator.

Posted by Jie Yu <yu...@gmail.com>.

> On March 31, 2016, 5:59 p.m., Cong Wang wrote:
> > Why /var/run/netns could be in the same mount peer group with its parent? At least on fedora21 this is not the case.
> > 
> > Also, why do you fix two bugs in one patch? I know you don't care about bisect, but even so this is still not a good practice at all.

I'll split the patch. Regarding the mount peer groups issue, here is the test I did on fedora23:
```
[vagrant@localhost build]$ cat /proc/self/mountinfo 
17 58 0:17 / /sys rw,nosuid,nodev,noexec,relatime shared:6 - sysfs sysfs rw,seclabel
18 58 0:4 / /proc rw,nosuid,nodev,noexec,relatime shared:5 - proc proc rw
19 58 0:6 / /dev rw,nosuid shared:2 - devtmpfs devtmpfs rw,seclabel,size=4076012k,nr_inodes=1019003,mode=755
20 17 0:18 / /sys/kernel/security rw,nosuid,nodev,noexec,relatime shared:7 - securityfs securityfs rw
21 19 0:19 / /dev/shm rw,nosuid,nodev shared:3 - tmpfs tmpfs rw,seclabel
22 19 0:13 / /dev/pts rw,nosuid,noexec,relatime shared:4 - devpts devpts rw,seclabel,gid=5,mode=620,ptmxmode=000
23 58 0:20 / /run rw,nosuid,nodev shared:22 - tmpfs tmpfs rw,seclabel,mode=755
24 17 0:21 / /sys/fs/cgroup ro,nosuid,nodev,noexec shared:8 - tmpfs tmpfs ro,seclabel,mode=755
25 24 0:22 / /sys/fs/cgroup/systemd rw,nosuid,nodev,noexec,relatime shared:9 - cgroup cgroup rw,xattr,release_agent=/usr/lib/systemd/systemd-cgroups-agent,name=systemd
26 17 0:23 / /sys/fs/pstore rw,nosuid,nodev,noexec,relatime shared:19 - pstore pstore rw,seclabel
27 24 0:24 / /sys/fs/cgroup/blkio rw,nosuid,nodev,noexec,relatime shared:10 - cgroup cgroup rw,blkio
28 24 0:25 / /sys/fs/cgroup/net_cls,net_prio rw,nosuid,nodev,noexec,relatime shared:11 - cgroup cgroup rw,net_cls,net_prio
29 24 0:26 / /sys/fs/cgroup/freezer rw,nosuid,nodev,noexec,relatime shared:12 - cgroup cgroup rw,freezer
30 24 0:27 / /sys/fs/cgroup/memory rw,nosuid,nodev,noexec,relatime shared:13 - cgroup cgroup rw,memory
31 24 0:28 / /sys/fs/cgroup/perf_event rw,nosuid,nodev,noexec,relatime shared:14 - cgroup cgroup rw,perf_event
32 24 0:29 / /sys/fs/cgroup/cpu,cpuacct rw,nosuid,nodev,noexec,relatime shared:15 - cgroup cgroup rw,cpu,cpuacct
33 24 0:30 / /sys/fs/cgroup/devices rw,nosuid,nodev,noexec,relatime shared:16 - cgroup cgroup rw,devices
34 24 0:31 / /sys/fs/cgroup/hugetlb rw,nosuid,nodev,noexec,relatime shared:17 - cgroup cgroup rw,hugetlb
35 24 0:32 / /sys/fs/cgroup/cpuset rw,nosuid,nodev,noexec,relatime shared:18 - cgroup cgroup rw,cpuset
56 17 0:33 / /sys/kernel/config rw,relatime shared:20 - configfs configfs rw
58 0 8:1 / / rw,relatime shared:1 - ext4 /dev/sda1 rw,seclabel,data=ordered
36 17 0:16 / /sys/fs/selinux rw,relatime shared:21 - selinuxfs selinuxfs rw
37 18 0:34 / /proc/sys/fs/binfmt_misc rw,relatime shared:23 - autofs systemd-1 rw,fd=30,pgrp=1,timeout=0,minproto=5,maxproto=5,direct
38 19 0:35 / /dev/hugepages rw,relatime shared:24 - hugetlbfs hugetlbfs rw,seclabel
39 19 0:15 / /dev/mqueue rw,relatime shared:25 - mqueue mqueue rw,seclabel
40 17 0:7 / /sys/kernel/debug rw,relatime shared:26 - debugfs debugfs rw,seclabel
70 23 0:36 / /run/user/1001 rw,nosuid,nodev,relatime shared:27 - tmpfs tmpfs rw,seclabel,size=817560k,mode=700,uid=1001,gid=1001
[vagrant@localhost build]$ sudo mount^C
[vagrant@localhost build]$ sudo mkdir /run/netns
[vagrant@localhost build]$ sudo mount --bind /run/netns /run/netns
[vagrant@localhost build]$ cat /proc/self/mountinfo 
17 58 0:17 / /sys rw,nosuid,nodev,noexec,relatime shared:6 - sysfs sysfs rw,seclabel
18 58 0:4 / /proc rw,nosuid,nodev,noexec,relatime shared:5 - proc proc rw
19 58 0:6 / /dev rw,nosuid shared:2 - devtmpfs devtmpfs rw,seclabel,size=4076012k,nr_inodes=1019003,mode=755
20 17 0:18 / /sys/kernel/security rw,nosuid,nodev,noexec,relatime shared:7 - securityfs securityfs rw
21 19 0:19 / /dev/shm rw,nosuid,nodev shared:3 - tmpfs tmpfs rw,seclabel
22 19 0:13 / /dev/pts rw,nosuid,noexec,relatime shared:4 - devpts devpts rw,seclabel,gid=5,mode=620,ptmxmode=000
23 58 0:20 / /run rw,nosuid,nodev shared:22 - tmpfs tmpfs rw,seclabel,mode=755
24 17 0:21 / /sys/fs/cgroup ro,nosuid,nodev,noexec shared:8 - tmpfs tmpfs ro,seclabel,mode=755
25 24 0:22 / /sys/fs/cgroup/systemd rw,nosuid,nodev,noexec,relatime shared:9 - cgroup cgroup rw,xattr,release_agent=/usr/lib/systemd/systemd-cgroups-agent,name=systemd
26 17 0:23 / /sys/fs/pstore rw,nosuid,nodev,noexec,relatime shared:19 - pstore pstore rw,seclabel
27 24 0:24 / /sys/fs/cgroup/blkio rw,nosuid,nodev,noexec,relatime shared:10 - cgroup cgroup rw,blkio
28 24 0:25 / /sys/fs/cgroup/net_cls,net_prio rw,nosuid,nodev,noexec,relatime shared:11 - cgroup cgroup rw,net_cls,net_prio
29 24 0:26 / /sys/fs/cgroup/freezer rw,nosuid,nodev,noexec,relatime shared:12 - cgroup cgroup rw,freezer
30 24 0:27 / /sys/fs/cgroup/memory rw,nosuid,nodev,noexec,relatime shared:13 - cgroup cgroup rw,memory
31 24 0:28 / /sys/fs/cgroup/perf_event rw,nosuid,nodev,noexec,relatime shared:14 - cgroup cgroup rw,perf_event
32 24 0:29 / /sys/fs/cgroup/cpu,cpuacct rw,nosuid,nodev,noexec,relatime shared:15 - cgroup cgroup rw,cpu,cpuacct
33 24 0:30 / /sys/fs/cgroup/devices rw,nosuid,nodev,noexec,relatime shared:16 - cgroup cgroup rw,devices
34 24 0:31 / /sys/fs/cgroup/hugetlb rw,nosuid,nodev,noexec,relatime shared:17 - cgroup cgroup rw,hugetlb
35 24 0:32 / /sys/fs/cgroup/cpuset rw,nosuid,nodev,noexec,relatime shared:18 - cgroup cgroup rw,cpuset
56 17 0:33 / /sys/kernel/config rw,relatime shared:20 - configfs configfs rw
58 0 8:1 / / rw,relatime shared:1 - ext4 /dev/sda1 rw,seclabel,data=ordered
36 17 0:16 / /sys/fs/selinux rw,relatime shared:21 - selinuxfs selinuxfs rw
37 18 0:34 / /proc/sys/fs/binfmt_misc rw,relatime shared:23 - autofs systemd-1 rw,fd=30,pgrp=1,timeout=0,minproto=5,maxproto=5,direct
38 19 0:35 / /dev/hugepages rw,relatime shared:24 - hugetlbfs hugetlbfs rw,seclabel
39 19 0:15 / /dev/mqueue rw,relatime shared:25 - mqueue mqueue rw,seclabel
40 17 0:7 / /sys/kernel/debug rw,relatime shared:26 - debugfs debugfs rw,seclabel
70 23 0:36 / /run/user/1001 rw,nosuid,nodev,relatime shared:27 - tmpfs tmpfs rw,seclabel,size=817560k,mode=700,uid=1001,gid=1001
72 23 0:20 /netns /run/netns rw,nosuid,nodev shared:22 - tmpfs tmpfs rw,seclabel,mode=755
[vagrant@localhost build]$ sudo mount --make-shared /run/netns
[vagrant@localhost build]$ cat /proc/self/mountinfo 
17 58 0:17 / /sys rw,nosuid,nodev,noexec,relatime shared:6 - sysfs sysfs rw,seclabel
18 58 0:4 / /proc rw,nosuid,nodev,noexec,relatime shared:5 - proc proc rw
19 58 0:6 / /dev rw,nosuid shared:2 - devtmpfs devtmpfs rw,seclabel,size=4076012k,nr_inodes=1019003,mode=755
20 17 0:18 / /sys/kernel/security rw,nosuid,nodev,noexec,relatime shared:7 - securityfs securityfs rw
21 19 0:19 / /dev/shm rw,nosuid,nodev shared:3 - tmpfs tmpfs rw,seclabel
22 19 0:13 / /dev/pts rw,nosuid,noexec,relatime shared:4 - devpts devpts rw,seclabel,gid=5,mode=620,ptmxmode=000
23 58 0:20 / /run rw,nosuid,nodev shared:22 - tmpfs tmpfs rw,seclabel,mode=755
24 17 0:21 / /sys/fs/cgroup ro,nosuid,nodev,noexec shared:8 - tmpfs tmpfs ro,seclabel,mode=755
25 24 0:22 / /sys/fs/cgroup/systemd rw,nosuid,nodev,noexec,relatime shared:9 - cgroup cgroup rw,xattr,release_agent=/usr/lib/systemd/systemd-cgroups-agent,name=systemd
26 17 0:23 / /sys/fs/pstore rw,nosuid,nodev,noexec,relatime shared:19 - pstore pstore rw,seclabel
27 24 0:24 / /sys/fs/cgroup/blkio rw,nosuid,nodev,noexec,relatime shared:10 - cgroup cgroup rw,blkio
28 24 0:25 / /sys/fs/cgroup/net_cls,net_prio rw,nosuid,nodev,noexec,relatime shared:11 - cgroup cgroup rw,net_cls,net_prio
29 24 0:26 / /sys/fs/cgroup/freezer rw,nosuid,nodev,noexec,relatime shared:12 - cgroup cgroup rw,freezer
30 24 0:27 / /sys/fs/cgroup/memory rw,nosuid,nodev,noexec,relatime shared:13 - cgroup cgroup rw,memory
31 24 0:28 / /sys/fs/cgroup/perf_event rw,nosuid,nodev,noexec,relatime shared:14 - cgroup cgroup rw,perf_event
32 24 0:29 / /sys/fs/cgroup/cpu,cpuacct rw,nosuid,nodev,noexec,relatime shared:15 - cgroup cgroup rw,cpu,cpuacct
33 24 0:30 / /sys/fs/cgroup/devices rw,nosuid,nodev,noexec,relatime shared:16 - cgroup cgroup rw,devices
34 24 0:31 / /sys/fs/cgroup/hugetlb rw,nosuid,nodev,noexec,relatime shared:17 - cgroup cgroup rw,hugetlb
35 24 0:32 / /sys/fs/cgroup/cpuset rw,nosuid,nodev,noexec,relatime shared:18 - cgroup cgroup rw,cpuset
56 17 0:33 / /sys/kernel/config rw,relatime shared:20 - configfs configfs rw
58 0 8:1 / / rw,relatime shared:1 - ext4 /dev/sda1 rw,seclabel,data=ordered
36 17 0:16 / /sys/fs/selinux rw,relatime shared:21 - selinuxfs selinuxfs rw
37 18 0:34 / /proc/sys/fs/binfmt_misc rw,relatime shared:23 - autofs systemd-1 rw,fd=30,pgrp=1,timeout=0,minproto=5,maxproto=5,direct
38 19 0:35 / /dev/hugepages rw,relatime shared:24 - hugetlbfs hugetlbfs rw,seclabel
39 19 0:15 / /dev/mqueue rw,relatime shared:25 - mqueue mqueue rw,seclabel
40 17 0:7 / /sys/kernel/debug rw,relatime shared:26 - debugfs debugfs rw,seclabel
70 23 0:36 / /run/user/1001 rw,nosuid,nodev,relatime shared:27 - tmpfs tmpfs rw,seclabel,size=817560k,mode=700,uid=1001,gid=1001
72 23 0:20 /netns /run/netns rw,nosuid,nodev shared:22 - tmpfs tmpfs rw,seclabel,mode=755
```


- Jie


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/45520/#review126372
-----------------------------------------------------------


On March 31, 2016, 1:47 a.m., Jie Yu wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/45520/
> -----------------------------------------------------------
> 
> (Updated March 31, 2016, 1:47 a.m.)
> 
> 
> Review request for mesos, Ian Downes and Cong Wang.
> 
> 
> Bugs: MESOS-4662
>     https://issues.apache.org/jira/browse/MESOS-4662
> 
> 
> Repository: mesos
> 
> 
> Description
> -------
> 
> Fixed the bind mount root issue in port mapping isolator. This patch fixed two issues:
> 1) no longer assume /var/run/netns is a realpath
> 2) made sure /var/run/netns is a shared mount in its own mount peer group
> 
> 
> Diffs
> -----
> 
>   src/slave/containerizer/mesos/isolators/network/port_mapping.hpp 0fe2f486eb733acf738c1c61fc44f820d7401afc 
>   src/slave/containerizer/mesos/isolators/network/port_mapping.cpp 323c84a3d960a196d8ba87f753814e9d43a07957 
>   src/tests/containerizer/port_mapping_tests.cpp e062daa9fcfc776144b48325daa1f1284c5e59a4 
> 
> Diff: https://reviews.apache.org/r/45520/diff/
> 
> 
> Testing
> -------
> 
> sudo make check on Fedora23
> 
> 
> Thanks,
> 
> Jie Yu
> 
>
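
The check the session above performs by eye, as an added example that is not part of the original thread or of the Mesos patch: a shell helper that reads mountinfo and reports whether a mount point is shared and whether its peer group is the same as its parent's. The names `classify_peer_group`, `sample_shared_with_parent` and `sample_own_group` are hypothetical; the sample lines are taken from the session, and the `shared:28` variant is constructed.

```shell
#!/bin/sh
# classify_peer_group MOUNTPOINT  (hypothetical helper; reads mountinfo on stdin)
# Prints: not-mounted | private | shared-with-parent:N | own-group:N
classify_peer_group() {
    awk -v target="$1" '
    {
        # Fields: 1=mount ID, 2=parent ID, 5=mount point, 7.. optional
        # fields (shared:N, master:N, ...) terminated by a lone "-".
        peer = ""
        for (i = 7; i <= NF && $i != "-"; i++)
            if ($i ~ /^shared:/) peer = substr($i, 8)
        group[$1] = peer
        # Last match wins: a later entry on the same path is stacked on top.
        if ($5 == target) { id = $1; parent = $2; found = 1 }
    }
    END {
        if (!found)                          print "not-mounted"
        else if (group[id] == "")            print "private"
        else if (group[id] == group[parent]) print "shared-with-parent:" group[id]
        else                                 print "own-group:" group[id]
    }'
}

# Sample: three lines from the session, after `mount --make-shared /run/netns`.
sample_shared_with_parent() {
cat <<'EOF'
58 0 8:1 / / rw,relatime shared:1 - ext4 /dev/sda1 rw,seclabel,data=ordered
23 58 0:20 / /run rw,nosuid,nodev shared:22 - tmpfs tmpfs rw,seclabel,mode=755
72 23 0:20 /netns /run/netns rw,nosuid,nodev shared:22 - tmpfs tmpfs rw,seclabel,mode=755
EOF
}

# Constructed variant: the same bind mount in a peer group of its own
# (the id 28 is made up for illustration).
sample_own_group() {
    sample_shared_with_parent | sed '$s/shared:22/shared:28/'
}

# Live use: resolve symlinks first, because mountinfo lists the resolved
# path (/run/netns above), not a path that goes through a symlink:
#   classify_peer_group "$(readlink -f /var/run/netns)" < /proc/self/mountinfo
sample_shared_with_parent | classify_peer_group /run/netns
```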


Re: Review Request 45520: Fixed the bind mount root issue in port mapping isolator.

Posted by Cong Wang <xi...@gmail.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/45520/#review126372
-----------------------------------------------------------



Why could /var/run/netns be in the same mount peer group as its parent? At least on Fedora 21 this is not the case.

Also, why do you fix two bugs in one patch? I know you don't care about bisect, but even so this is still not a good practice at all.

- Cong Wang




Re: Review Request 45520: Fixed the bind mount root issue in port mapping isolator.

Posted by Mesos ReviewBot <re...@mesos.apache.org>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/45520/#review126259
-----------------------------------------------------------



Patch looks great!

Reviews applied: [45520]

Passed command: export OS='ubuntu:14.04' CONFIGURATION='--verbose' COMPILER='gcc' ENVIRONMENT='GLOG_v=1 MESOS_VERBOSE=1'; ./support/docker_build.sh

- Mesos ReviewBot

