Used linux filesystem isolator by default if possible. Review: https://reviews.apache.org/r/37812
Project: http://git-wip-us.apache.org/repos/asf/mesos/repo Commit: http://git-wip-us.apache.org/repos/asf/mesos/commit/5a05a9bf Tree: http://git-wip-us.apache.org/repos/asf/mesos/tree/5a05a9bf Diff: http://git-wip-us.apache.org/repos/asf/mesos/diff/5a05a9bf Branch: refs/heads/master Commit: 5a05a9bf91e133bc3eadf7b2da5a05042058c850 Parents: f6f5d85 Author: Jie Yu <[email protected]> Authored: Thu Aug 27 10:59:58 2015 -0700 Committer: Jie Yu <[email protected]> Committed: Thu Aug 27 17:02:40 2015 -0700 ---------------------------------------------------------------------- src/slave/containerizer/mesos/containerizer.cpp | 25 ++++++++++++++++---- 1 file changed, 21 insertions(+), 4 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/mesos/blob/5a05a9bf/src/slave/containerizer/mesos/containerizer.cpp ---------------------------------------------------------------------- diff --git a/src/slave/containerizer/mesos/containerizer.cpp b/src/slave/containerizer/mesos/containerizer.cpp index 377de50..1b83a87 100644 --- a/src/slave/containerizer/mesos/containerizer.cpp +++ b/src/slave/containerizer/mesos/containerizer.cpp @@ -126,14 +126,31 @@ Try<MesosContainerizer*> MesosContainerizer::create( } // One and only one filesystem isolator is required. The filesystem - // isolator is responsible for preparing the filesystems for containers - // (e.g., prepare filesystem roots, volumes, etc.). If the user does - // not specify a filesystem isolator, the default 'filesystem/posix' - // isolator will be used. + // isolator is responsible for preparing the filesystems for + // containers (e.g., prepare filesystem roots, volumes, etc.). If + // the user does not specify a filesystem isolator, the default + // 'filesystem/linux' isolator will be used if the slave runs on + // Linux and has root permission. Othersise, 'filesystem/posix' will + // be used as the default. // // TODO(jieyu): Check that only one filesystem isolator is used. if (!strings::contains(isolation, "filesystem/")) { +#ifdef __linux__ + Result<string> user = os::user(); + if (!user.isSome()) { + return Error( + "Failed to get the current user: " + + (user.isError() ? user.error() : "Not found")); + } + + if (user.get() == "root") { + isolation += ",filesystem/linux"; + } else { + isolation += ",filesystem/posix"; + } +#else isolation += ",filesystem/posix"; +#endif } // Modify the flags to include any changes to isolation.
