You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@mesos.apache.org by gi...@apache.org on 2017/08/02 23:37:31 UTC

mesos git commit: Filesystem isolation check for Mesos image provisioner.

Repository: mesos
Updated Branches:
  refs/heads/master 52214ead9 -> 1793f8f2a


Filesystem isolation check for Mesos image provisioner.

Checked if the 'filesystem/linux' isolator is enabled and the 'linux'
launcher is used when launching a mesos containerizer with an image
under Linux. This prevents the executor from messing up with the host
filesystem. The check is in `MesosContainerizerProcess::prepare()`
after provisioning and before launching, since provisioning itself
does not depend on the filesystem isolator.

Also checked that the 'filesystem/linux' is enabled and the 'linux'
launcher is used when enabling the 'docker/runtime' isolator.

Review: https://reviews.apache.org/r/58939/


Project: http://git-wip-us.apache.org/repos/asf/mesos/repo
Commit: http://git-wip-us.apache.org/repos/asf/mesos/commit/1793f8f2
Tree: http://git-wip-us.apache.org/repos/asf/mesos/tree/1793f8f2
Diff: http://git-wip-us.apache.org/repos/asf/mesos/diff/1793f8f2

Branch: refs/heads/master
Commit: 1793f8f2a6e98757dba06d9d70d7bd3c03830cf0
Parents: 52214ea
Author: Chun-Hung Hsiao <ch...@mesosphere.io>
Authored: Wed Aug 2 12:29:44 2017 -0700
Committer: Gilbert Song <so...@gmail.com>
Committed: Wed Aug 2 16:36:56 2017 -0700

----------------------------------------------------------------------
 src/slave/containerizer/mesos/containerizer.cpp | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/mesos/blob/1793f8f2/src/slave/containerizer/mesos/containerizer.cpp
----------------------------------------------------------------------
diff --git a/src/slave/containerizer/mesos/containerizer.cpp b/src/slave/containerizer/mesos/containerizer.cpp
index 6f100b5..ff192bb 100644
--- a/src/slave/containerizer/mesos/containerizer.cpp
+++ b/src/slave/containerizer/mesos/containerizer.cpp
@@ -227,6 +227,22 @@ Try<MesosContainerizer*> MesosContainerizer::create(
     flags_.isolation += ",environment_secret";
   }
 
+#ifdef __linux__
+  if (flags_.image_providers.isSome()) {
+    // The 'filesystem/linux' isolator and 'linux' launcher are required
+    // for the mesos containerizer to support container images.
+    if (!strings::contains(flags_.isolation, "filesystem/linux")) {
+      return Error("The 'filesystem/linux' isolator must be enabled for"
+                   " container image support.");
+    }
+
+    if (flags_.launcher != "linux") {
+      return Error("The 'linux' launcher must be used for container"
+                   " image support.");
+    }
+  }
+#endif // __linux__
+
   LOG(INFO) << "Using isolation: " << flags_.isolation;
 
   // Create the launcher for the MesosContainerizer.