Posted to issues@mesos.apache.org by "Jie Yu (JIRA)" <ji...@apache.org> on 2014/08/19 00:45:18 UTC

[jira] [Commented] (MESOS-1574) what to do when a rogue process binds to a port mesos didn't allocate to it?

    [ https://issues.apache.org/jira/browse/MESOS-1574?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14101448#comment-14101448 ] 

Jie Yu commented on MESOS-1574:
-------------------------------

If you turn on the network isolator in 0.20.0, we will have isolation for 'ports' resource as well. So if a process is using a port that is not assigned to it, it can still bind that port, but it won't be able to use that port to communicate with others. That's because we install tc filters for each container and will drop those packages if the src port does not belong to the container.

> what to do when a rogue process binds to a port mesos didn't allocate to it?
> ----------------------------------------------------------------------------
>
>                 Key: MESOS-1574
>                 URL: https://issues.apache.org/jira/browse/MESOS-1574
>             Project: Mesos
>          Issue Type: Improvement
>          Components: allocation, isolation
>            Reporter: Jay Buffington
>            Priority: Minor
>
> I recently had an issue where a slave had a process whose parent was init that was bound to a port in the range that mesos thought was a free resource.  I'm not sure if this is due to a bug in mesos (it lost track of this process during an upgrade?) or if there was a bad user who started a process on the host manually outside of mesos.  The process is over a month old and I have no history in mesos to ask it if/when it launched the task :(
> If a rogue process binds to a port that mesos-slave has offered to the master as an available resource there should be some sort of reckoning.  Mesos could:
>    * kill the rogue process
>    * rescind the offer for that port
>    * have an api that can be plugged into a monitoring system to alert humans of this inconsistency



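The third option in the issue, a check that a monitoring system can call, could look like the sketch below. It is an added example and not Mesos code; the offered port range, the allocated set and the sample socket table are constructed assumptions.

```python
"""Flag listeners inside the offered port range that no task was allocated."""

LISTEN = "0A"  # TCP_LISTEN state code used in /proc/net/tcp

# Constructed sample in /proc/net/tcp layout (not captured from a real host).
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:7918 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 40001 1
   1: 00000000:791D 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 40002 1
   2: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 40003 1
   3: 0100007F:7922 0100007F:C350 01 00000000:00000000 00:00000000 00000000  1000        0 40004 1
"""


def parse_listeners(proc_net_tcp):
    """Return (port, uid, inode) for every socket in LISTEN state."""
    listeners = []
    for line in proc_net_tcp.splitlines()[1:]:  # skip the header row
        fields = line.split()
        if len(fields) < 10 or fields[3] != LISTEN:
            continue
        port = int(fields[1].rsplit(":", 1)[1], 16)  # port is hex after ':'
        listeners.append((port, int(fields[7]), int(fields[9])))
    return listeners


def unallocated_listeners(proc_net_tcp, offered, allocated):
    """Listeners in the offered range whose port is not in `allocated`."""
    low, high = offered
    return [
        entry for entry in parse_listeners(proc_net_tcp)
        if low <= entry[0] <= high and entry[0] not in allocated
    ]


if __name__ == "__main__":
    OFFERED = (31000, 32000)   # assumed 'ports' range for this slave
    ALLOCATED = {31000}        # assumed ports currently assigned to tasks
    for port, uid, inode in unallocated_listeners(
            SAMPLE_PROC_NET_TCP, OFFERED, ALLOCATED):
        print(f"ALERT port={port} uid={uid} inode={inode} has no allocation")
```

On a live host the same functions can be fed the contents of `/proc/net/tcp`, and the reported inode can be matched against `/proc/<pid>/fd` to identify the owning process.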