This is an automated email from the ASF dual-hosted git repository.
bmahler pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/mesos.git
The following commit(s) were added to refs/heads/master by this push:
new 077ee99da [cgroups2] Make isolator update() fail for containers that
don't need isolation.
077ee99da is described below
commit 077ee99da7cd35b44e5926637238a4c681f2d516
Author: Jason Zhou <[email protected]>
AuthorDate: Thu Aug 15 18:29:51 2024 -0400
[cgroups2] Make isolator update() fail for containers that don't need
isolation.
In cgroups1, we returned an error when we see that the container is
sharing cgroups, as it would have no cgroups for update() to take.
In cgroups2 we will mimick this behavior for containers that do not
wish to have their own resource constraints, as we do not expect to call
update() on those containers.
Review: https://reviews.apache.org/r/75174/
---
src/slave/containerizer/mesos/isolators/cgroups2/cgroups2.cpp | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/src/slave/containerizer/mesos/isolators/cgroups2/cgroups2.cpp
b/src/slave/containerizer/mesos/isolators/cgroups2/cgroups2.cpp
index 8c116dcfb..b5424ba02 100644
--- a/src/slave/containerizer/mesos/isolators/cgroups2/cgroups2.cpp
+++ b/src/slave/containerizer/mesos/isolators/cgroups2/cgroups2.cpp
@@ -736,7 +736,11 @@ Future<Nothing> Cgroups2IsolatorProcess::update(
const google::protobuf::Map<string, Value::Scalar>& resourceLimits)
{
if (!infos.contains(containerId)) {
- return Failure("Unknown container '" + stringify(containerId) + "'");
+ return Failure("Unknown container");
+ }
+
+ if (!infos[containerId]->isolate) {
+ return Failure("Update is not supported for nested containers");
}
vector<Future<Nothing>> updates;
