This is an automated email from the ASF dual-hosted git repository. gilbert pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/mesos.git
commit 9932550e9632e7fbb9a45b217793c7f508f57001 Author: Qian Zhang <[email protected]> AuthorDate: Fri Jul 12 00:40:11 2019 -0700 Updated `filesystem/linux` isolator for configurable IPC support. If `namespaces/ipc` isolator is not enabled, for backward compatibility /dev/shm will still be handled in `filesystem/linux` isolator as before. Otherwise, both /dev/shm and IPC namespace will be handled by `namespaces/ipc` isolator. Review: https://reviews.apache.org/r/70820/ --- .../containerizer/mesos/isolators/filesystem/linux.cpp | 17 +++++++++++------ 1 file changed, 11 insertions(+), 6 deletions(-) diff --git a/src/slave/containerizer/mesos/isolators/filesystem/linux.cpp b/src/slave/containerizer/mesos/isolators/filesystem/linux.cpp index 3cfb6e9..df33b35 100644 --- a/src/slave/containerizer/mesos/isolators/filesystem/linux.cpp +++ b/src/slave/containerizer/mesos/isolators/filesystem/linux.cpp @@ -146,12 +146,6 @@ static const ContainerMountInfo ROOTFS_CONTAINER_MOUNTS[] = { "devpts", "newinstance,ptmxmode=0666,mode=0620,gid=5", MS_NOSUID | MS_NOEXEC), - createContainerMount( - "tmpfs", - "/dev/shm", - "tmpfs", - "mode=1777", - MS_NOSUID | MS_NODEV | MS_STRICTATIME), }; @@ -769,6 +763,17 @@ Future<Option<ContainerLaunchInfo>> LinuxFilesystemIsolatorProcess::prepare( } } + // If `namespaces/ipc` isolator is not enabled, /dev/shm will be + // handled there. + if (!strings::contains(flags.isolation, "namespaces/ipc")) { + *launchInfo.add_mounts() = createContainerMount( + "tmpfs", + path::join(containerConfig.rootfs(), "/dev/shm"), + "tmpfs", + "mode=1777", + MS_NOSUID | MS_NODEV | MS_STRICTATIME); + } + Try<Nothing> makedev = makeStandardDevices(devicesDir, containerConfig.rootfs(), launchInfo); if (makedev.isError()) {
