Posted to commits@mesos.apache.org by gi...@apache.org on 2017/08/15 03:53:56 UTC

[3/8] mesos git commit: Introduced `--disallow_sharing_agent_pid_namespace` agent flag.

Introduced `--disallow_sharing_agent_pid_namespace` agent flag.

Introduced `--disallow_sharing_agent_pid_namespace` agent flag.

Review: https://reviews.apache.org/r/61406/


Project: http://git-wip-us.apache.org/repos/asf/mesos/repo
Commit: http://git-wip-us.apache.org/repos/asf/mesos/commit/03e093f5
Tree: http://git-wip-us.apache.org/repos/asf/mesos/tree/03e093f5
Diff: http://git-wip-us.apache.org/repos/asf/mesos/diff/03e093f5

Branch: refs/heads/master
Commit: 03e093f5d09e35a54e4373692d47a46d58fae4d0
Parents: dc1908a
Author: Qian Zhang <zh...@gmail.com>
Authored: Sun Aug 13 19:51:56 2017 -0700
Committer: Gilbert Song <so...@gmail.com>
Committed: Mon Aug 14 15:40:31 2017 -0700

----------------------------------------------------------------------
 docs/configuration.md | 14 ++++++++++++++
 src/slave/flags.cpp   | 10 ++++++++++
 src/slave/flags.hpp   |  1 +
 3 files changed, 25 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/mesos/blob/03e093f5/docs/configuration.md
----------------------------------------------------------------------
diff --git a/docs/configuration.md b/docs/configuration.md
index 6ab2d1a..e43f9ea 100644
--- a/docs/configuration.md
+++ b/docs/configuration.md
@@ -2046,6 +2046,20 @@ sandbox is mapped to.
 </tr>
 <tr>
   <td>
+    --[no-]disallow_sharing_agent_pid_namespace
+  </td>
+  <td>
+If set to <code>true</code>, each top-level container will have its own pid
+namespace, and if the framework requests to share the agent pid namespace for
+the top level container, the container launch will be rejected. If set to
+<code>false</code>, the top-level containers will share the pid namespace with
+agent if the framework requests it. This flag will be ignored if the
+`namespaces/pid` isolator is not enabled.
+(default: false)
+  </td>
+</tr>
+<tr>
+  <td>
     --[no-]strict
   </td>
   <td>

http://git-wip-us.apache.org/repos/asf/mesos/blob/03e093f5/src/slave/flags.cpp
----------------------------------------------------------------------
diff --git a/src/slave/flags.cpp b/src/slave/flags.cpp
index 4171604..3b02f3e 100644
--- a/src/slave/flags.cpp
+++ b/src/slave/flags.cpp
@@ -639,6 +639,16 @@ mesos::internal::slave::Flags::Flags()
       "\n"
       "This flag has the same syntax as `--effective_capabilities`."
      );
+
+  add(&Flags::disallow_sharing_agent_pid_namespace,
+      "disallow_sharing_agent_pid_namespace",
+      "If set to `true`, each top-level container will have its own pid\n"
+      "namespace, and if the framework requests to share the agent pid\n"
+      "namespace for the top level container, the container launch will be\n"
+      "rejected. If set to `false`, the top-level containers will share the\n"
+      "pid namespace with agent if the framework requests it. This flag will\n"
+      "be ignored if the `namespaces/pid` isolator is not enabled.\n",
+      false);
 #endif
 
   add(&Flags::firewall_rules,
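Review bot: The help text for `disallow_sharing_agent_pid_namespace` says the flag is ignored when the `namespaces/pid` isolator is not enabled, so an operator who sets it to `true` as a hardening measure without that isolator gets no rejection of sharing requests and no indication that the setting had no effect. Flag validation is not visible in this hunk (the body of `Flags::Flags()` starts and ends outside it), so if nothing elsewhere checks the combination, consider logging a warning or refusing to start when the flag is `true` and `namespaces/pid` is absent from `--isolation`. The text should also say why the flag exists, for example by appending `"A container that shares the agent pid namespace can see the agent's and the host's other processes."`, since the default of `false` leaves sharing permitted on request. As a minor style point, the last help line ends in `\n` while the preceding flag's help string does not.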

http://git-wip-us.apache.org/repos/asf/mesos/blob/03e093f5/src/slave/flags.hpp
----------------------------------------------------------------------
diff --git a/src/slave/flags.hpp b/src/slave/flags.hpp
index 032880d..2970fea 100644
--- a/src/slave/flags.hpp
+++ b/src/slave/flags.hpp
@@ -113,6 +113,7 @@ public:
   std::string systemd_runtime_directory;
   Option<CapabilityInfo> effective_capabilities;
   Option<CapabilityInfo> bounding_capabilities;
+  bool disallow_sharing_agent_pid_namespace;
 #endif
   Option<Firewall> firewall_rules;
   Option<Path> credential;