Remove /proc and /sys remounts from port_mapping isolator. Review: https://reviews.apache.org/r/26274
Project: http://git-wip-us.apache.org/repos/asf/mesos/repo Commit: http://git-wip-us.apache.org/repos/asf/mesos/commit/c18a50a0 Tree: http://git-wip-us.apache.org/repos/asf/mesos/tree/c18a50a0 Diff: http://git-wip-us.apache.org/repos/asf/mesos/diff/c18a50a0 Branch: refs/heads/master Commit: c18a50a0f199d1b8cdf121f39cd83163f0f8b152 Parents: 47fa5a1 Author: Ian Downes <[email protected]> Authored: Wed Oct 1 10:38:23 2014 -0700 Committer: Ian Downes <[email protected]> Committed: Mon Oct 27 10:36:37 2014 -0700 ---------------------------------------------------------------------- src/slave/containerizer/isolators/network/port_mapping.cpp | 5 ----- src/slave/containerizer/linux_launcher.cpp | 5 ++--- 2 files changed, 2 insertions(+), 8 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/mesos/blob/c18a50a0/src/slave/containerizer/isolators/network/port_mapping.cpp ----------------------------------------------------------------------
diff --git a/src/slave/containerizer/isolators/network/port_mapping.cpp b/src/slave/containerizer/isolators/network/port_mapping.cpp
index 1d0609a..1234d8e 100644
--- a/src/slave/containerizer/isolators/network/port_mapping.cpp
+++ b/src/slave/containerizer/isolators/network/port_mapping.cpp
@@ -2622,11 +2622,6 @@ string PortMappingIsolatorProcess::scripts(Info* info)
 script << "#!/bin/sh\n";
 script << "set -x\n";
- // Remount /proc and /sys to show a separate networking stack.
- // These should be done by a FilesystemIsolator in the future.
- script << "mount -n -o remount -t sysfs none /sys\n";
- script << "mount -n -o remount -t proc none /proc\n";
-
 // Mark the mount point BIND_MOUNT_ROOT as slave mount so that
 // changes in the container will not be propagated to the host.
 script << "mount --make-rslave " << BIND_MOUNT_ROOT << "\n";
http://git-wip-us.apache.org/repos/asf/mesos/blob/c18a50a0/src/slave/containerizer/linux_launcher.cpp ----------------------------------------------------------------------
diff --git a/src/slave/containerizer/linux_launcher.cpp b/src/slave/containerizer/linux_launcher.cpp
index f7bc894..07ee643 100644
--- a/src/slave/containerizer/linux_launcher.cpp
+++ b/src/slave/containerizer/linux_launcher.cpp
@@ -96,11 +96,10 @@ Try<Launcher*> LinuxLauncher::create(const Flags& flags)
 int namespaces = 0;
 #ifdef WITH_NETWORK_ISOLATOR
- // The network port mapping isolator requires network (CLONE_NEWNET)
- // and mount (CLONE_NEWNS) namespaces.
+ // The network port mapping isolator requires network namespaces
+ // (CLONE_NEWNET).
 if (strings::contains(flags.isolation, "network/port_mapping")) {
 namespaces |= CLONE_NEWNET;
- namespaces |= CLONE_NEWNS;
 }
 #endif
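Review bot: Dropping `namespaces |= CLONE_NEWNS;` in LinuxLauncher::create means a container started with only `network/port_mapping` is no longer guaranteed its own mount namespace, yet the port_mapping.cpp hunk keeps `mount --make-rslave BIND_MOUNT_ROOT` in the generated script. If that script runs in the container's context, the propagation change would presumably land on the host's mount table rather than a private copy, and without the /sys remount the container may keep seeing the host's sysfs view of network devices; whether another isolator still requests CLONE_NEWNS is not visible in this hunk. I would record the dependency next to the flag check, for example `// No mount namespace is requested here; the port_mapping scripts still run 'mount --make-rslave'.`, or have create() reject port_mapping when nothing else supplies a mount namespace. The body of LinuxLauncher::create continues outside the hunk.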
