Posted to reviews@mesos.apache.org by Ian Downes <ia...@gmail.com> on 2015/07/06 19:12:21 UTC

Re: Review Request 31444: Support chrooting in MesosContainerizer launch helper.


> On June 29, 2015, 4:29 p.m., Jiang Yan Xu wrote:
> > src/slave/containerizer/mesos/launch.cpp, lines 64-65
> > <https://reviews.apache.org/r/31444/diff/7/?file=989735#file989735line64>
> >
> >     "must be relative to" is really "is interpreted as relative to" right?
> >     
> >     Just wanted to be sure to clarify:
> >     1) Should the user specify an absolute path with a preceding /?
> >     2) The directory path as observed by processes outside the chroot jail is `path::join(rootfs, directory)` right?

1) Yes, absolute path. Added this to the description.
2) Yes.


> On June 29, 2015, 4:29 p.m., Jiang Yan Xu wrote:
> > src/slave/containerizer/mesos/launch.cpp, lines 259-260
> > <https://reviews.apache.org/r/31444/diff/7/?file=989735#file989735line259>
> >
> >     "This must be an absolute path"
> >     
> >     As in, if the flag specifies a path without a preceding slash this throws an error?
> >     
> >     This is not enforced is it?

Actually, it's just interpreted relative to the new root since we chdir() after chroot() which will change to "/". I clarified the comment.


- Ian


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/31444/#review89425
-----------------------------------------------------------


On June 22, 2015, 9:38 a.m., Ian Downes wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/31444/
> -----------------------------------------------------------
> 
> (Updated June 22, 2015, 9:38 a.m.)
> 
> 
> Review request for mesos, Chi Zhang, Dominic Hamon, Jay Buffington, Jie Yu, and James Peach.
> 
> 
> Bugs: MESOS-2350
>     https://issues.apache.org/jira/browse/MESOS-2350
> 
> 
> Repository: mesos
> 
> 
> Description
> -------
> 
> Optionally take a path that the launch helper should chroot to before exec'ing the executor. It is assumed that the work directory is mounted to the appropriate location under the chroot. In particular, the path to the executor must be relative to the chroot.
> 
> Configuration that should be private to the chroot is done during the launch, e.g. mounting proc and statically configuring basic devices. It is assumed that other configuration, e.g., preparing the image, mounting in volumes or persistent resources, is done by the caller.
> 
> Mounts can be made to the chroot (e.g., updating the volumes or persistent resources) and they will propagate into the container, but mounts made inside the container will not propagate out to the host.
> 
> It currently assumes that at least {{chroot}}/tmp is writeable and that mount points {{chroot}}/{tmp,dev,proc,sys} exist in the chroot.
> 
> This is specific to Linux.
> 
> 
> Diffs
> -----
> 
>   src/Makefile.am e7de0f3d1a5efeaef47d5074defe3b40db94f573 
>   src/linux/fs.cpp 568565f878b34708170a886dc4d62849aa01f263 
>   src/slave/containerizer/mesos/launch.hpp 7c8b535746b5ce9add00afef86fdb6faefb5620e 
>   src/slave/containerizer/mesos/launch.cpp 2f2d60e2011f60ec711d3b29fd2c157e30c83c34 
>   src/tests/launch_tests.cpp PRE-CREATION 
> 
> Diff: https://reviews.apache.org/r/31444/diff/
> 
> 
> Testing
> -------
> 
> Manual testing only so far. This is harder to automate because we need a self-contained chroot to execute something in... Suggestions welcome.
> 
> 
> Thanks,
> 
> Ian Downes
> 
>
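
The chroot()/chdir() ordering and the path::join(rootfs, directory) view discussed in this thread, as an added example in C that is not code from the Mesos patch. The function names host_view and enter_chroot and the sample paths are assumptions made for illustration.

```c
#define _DEFAULT_SOURCE           /* exposes chroot() in <unistd.h> on glibc */
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Host-side view of `directory` after a chroot to `rootfs`: a lexical
 * join(rootfs, directory). ".." and symlinks are not resolved here.
 * Returns 0 on success, -1 if the result does not fit in `out`. */
int host_view(const char *rootfs, const char *directory, char *out, size_t len)
{
    size_t r = strlen(rootfs);
    while (r > 1 && rootfs[r - 1] == '/') r--;   /* trim trailing slashes */
    while (*directory == '/') directory++;       /* leading '/' changes nothing */
    const char *sep = (r == 1 && rootfs[0] == '/') ? "" : "/";
    int n = snprintf(out, len, "%.*s%s%s", (int)r, rootfs, sep, directory);
    return (n < 0 || (size_t)n >= len) ? -1 : 0;
}

/* chroot to `rootfs`, then enter `directory` inside it.
 * Returns 0 on success, -1 with errno set by the failing call. */
int enter_chroot(const char *rootfs, const char *directory)
{
    if (chroot(rootfs) != 0) return -1;          /* needs CAP_SYS_CHROOT */
    /* chroot() leaves the working directory untouched; chdir("/") moves it
     * to the new root so nothing keeps pointing outside the jail. */
    if (chdir("/") != 0) return -1;
    /* cwd is the new "/", so "work" and "/work" now name the same place. */
    if (*directory != '\0' && chdir(directory) != 0) return -1;
    return 0;
}

int main(int argc, char **argv)
{
    /* Constructed sample values; pass real ones as argv[1], argv[2]. */
    const char *rootfs = argc > 1 ? argv[1] : "/var/lib/example/rootfs";
    const char *directory = argc > 2 ? argv[2] : "/work";
    char host[4096];
    if (host_view(rootfs, directory, host, sizeof host) != 0) return 2;
    printf("outside the chroot: %s\n", host);
    if (enter_chroot(rootfs, directory) != 0) { perror("enter_chroot"); return 1; }
    char cwd[4096];
    if (getcwd(cwd, sizeof cwd) != NULL) printf("inside the chroot: %s\n", cwd);
    return 0;
}
```

Run as root against a prepared rootfs, the second line of output shows the directory as the chrooted process sees it; without CAP_SYS_CHROOT the program stops at chroot() and reports the error.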