Repository: mesos Updated Branches: refs/heads/master fcc8ca168 -> ee6c6cfcb
Split linux chroot into prepare and enter phases. Since we will need to perform additional work to configure the chroot before entering it, split the Linux chroot API into `fs::chroot::prepare()` and `fs::chroot::enter()`. Review: https://reviews.apache.org/r/67094/ Project: http://git-wip-us.apache.org/repos/asf/mesos/repo Commit: http://git-wip-us.apache.org/repos/asf/mesos/commit/09690881 Tree: http://git-wip-us.apache.org/repos/asf/mesos/tree/09690881 Diff: http://git-wip-us.apache.org/repos/asf/mesos/diff/09690881 Branch: refs/heads/master Commit: 096908812c1e7481536390de45ff78d5d31516e0 Parents: fcc8ca1 Author: James Peach <[email protected]> Authored: Fri May 25 13:37:42 2018 -0700 Committer: James Peach <[email protected]> Committed: Fri May 25 13:37:42 2018 -0700 ---------------------------------------------------------------------- src/linux/fs.cpp | 11 +++++++++-- src/linux/fs.hpp | 9 +++++++-- src/slave/containerizer/mesos/launch.cpp | 9 +++++++++ 3 files changed, 25 insertions(+), 4 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/mesos/blob/09690881/src/linux/fs.cpp ---------------------------------------------------------------------- diff --git a/src/linux/fs.cpp b/src/linux/fs.cpp index fbd03b1..6b38b4a 100644 --- a/src/linux/fs.cpp +++ b/src/linux/fs.cpp @@ -908,7 +908,7 @@ Try<Nothing> createStandardDevices(const string& root) // TODO(idownes): Add unit test. -Try<Nothing> enter(const string& root) +Try<Nothing> prepare(const string& root) { // Recursively mark current mounts as slaves to prevent propagation. Try<Nothing> mount = @@ -937,6 +937,13 @@ Try<Nothing> enter(const string& root) return Error("Failed to create devices: " + create.error()); } + return Nothing(); +} + + +// TODO(idownes): Add unit test. +Try<Nothing> enter(const string& root) +{ // Prepare /tmp in the new root. Note that we cannot assume that the // new root is writable (i.e., it could be a read only filesystem). // Therefore, we always mount a tmpfs on /tmp in the new root so @@ -953,7 +960,7 @@ Try<Nothing> enter(const string& root) } // TODO(jieyu): Consider limiting the size of the tmpfs. - mount = fs::mount( + Try<Nothing> mount = fs::mount( "tmpfs", path::join(root, "tmp"), "tmpfs", http://git-wip-us.apache.org/repos/asf/mesos/blob/09690881/src/linux/fs.hpp ---------------------------------------------------------------------- diff --git a/src/linux/fs.hpp b/src/linux/fs.hpp index 76dc09c..502f85c 100644 --- a/src/linux/fs.hpp +++ b/src/linux/fs.hpp @@ -385,8 +385,13 @@ namespace chroot { // Enter a 'chroot' environment. The caller should be in a new mount // namespace. Basic configuration of special filesystems and device -// nodes is performed. Any mounts to the current root will be -// unmounted. +// nodes is performed. +Try<Nothing> prepare(const std::string& root); + + +// Enter a 'chroot' environment. The caller should be in a new mount +// unmounted. The root path must have already been provisioned by +// calling `prepare`()`. Try<Nothing> enter(const std::string& root); } // namespace chroot { http://git-wip-us.apache.org/repos/asf/mesos/blob/09690881/src/slave/containerizer/mesos/launch.cpp ---------------------------------------------------------------------- diff --git a/src/slave/containerizer/mesos/launch.cpp b/src/slave/containerizer/mesos/launch.cpp index f25d906..b8ca608 100644 --- a/src/slave/containerizer/mesos/launch.cpp +++ b/src/slave/containerizer/mesos/launch.cpp @@ -455,6 +455,15 @@ static Try<Nothing> enterChroot(const string& rootfs) } #ifdef __linux__ + Try<Nothing> prepare = fs::chroot::prepare(rootfs); + if (prepare.isError()) { + return Error( + "Failed to prepare chroot '" + rootfs + "': " + + prepare.error()); + } + + // TODO(jpeach): apply container mounts here. + Try<Nothing> chroot = fs::chroot::enter(rootfs); #else // For any other platform we'll just use POSIX chroot.
