-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/13040/
-----------------------------------------------------------

Review request for mesos, Benjamin Hindman, Ben Mahler, Ian Downes, and Vinod Kone.


Repository: mesos-git


Description
-------

cgroup_isolator: Isolate the executors in their own mount namespace.

When starting an executor, create a mount namespace and make the mounts private in the new namespace to prevent any changes in the mount namespace from propagating back to the original mount namespace.

This results in no change in visibility or accessibility of files for the executor, so this should not result in any regressions.

In addition to the initial small isolation effect, this also prepares for using the mount namespace to remove the possibility of filesystem accesses that executors and tasks should not be able to perform.


Diffs
-----

  src/slave/cgroups_isolator.cpp 0faf7d5

Diff: https://reviews.apache.org/r/13040/diff/


Testing
-------

make -j8 check

And watched the tests pass.


Thanks,

Eric Biederman
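
One way to check the property the description relies on (mounts in the executor's namespace are private, so mount events cannot propagate back) is to read the optional propagation fields in `/proc/<pid>/mountinfo`. This is an added example, not code from the patch or from Mesos; the function name `sharedMounts` and the sample data are assumptions made for illustration.

```cpp
#include <fstream>
#include <iostream>
#include <sstream>
#include <string>
#include <vector>

// Constructed sample in /proc/<pid>/mountinfo format (not from a real host).
const char* const kConstructedSample =
  "22 1 8:1 / / rw,relatime shared:1 - ext4 /dev/sda1 rw\n"
  "23 22 0:5 / /proc rw,nosuid - proc proc rw\n"
  "24 22 0:20 / /sys/fs/cgroup rw master:2 - tmpfs tmpfs rw\n";

// Hypothetical helper: returns the mount points that still belong to a shared
// peer group, i.e. whose mount and unmount events propagate to peer mounts in
// other namespaces. A namespace made fully private yields an empty result.
std::vector<std::string> sharedMounts(std::istream& in)
{
  std::vector<std::string> result;
  std::string line;
  while (std::getline(in, line)) {
    std::istringstream fields(line);
    std::string field, mountPoint;
    bool shared = false, sawSeparator = false;
    int index = 0;
    while (fields >> field) {
      ++index;
      if (index == 5) mountPoint = field;  // Field 5 is the mount point.
      if (index <= 6) continue;            // Fields 1-6 are fixed.
      // Optional fields run until the "-" separator.
      if (field == "-") { sawSeparator = true; break; }
      if (field.compare(0, 7, "shared:") == 0) shared = true;
    }
    // Lines without the separator are malformed and ignored.
    if (sawSeparator && shared) result.push_back(mountPoint);
  }
  return result;
}

int main(int argc, char** argv)
{
  // With a path argument (e.g. /proc/<pid>/mountinfo of an executor) that
  // file is checked; with no argument the constructed sample is used.
  std::istringstream sample(kConstructedSample);
  std::ifstream file;
  std::istream* in = &sample;
  if (argc > 1) { file.open(argv[1]); in = &file; }
  std::vector<std::string> found = sharedMounts(*in);
  for (const std::string& m : found) std::cout << "shared: " << m << "\n";
  return found.empty() ? 0 : 1;
}
```

The exit status is 0 only when no mount carries a `shared:` tag; `master:` entries are not reported because they receive events but do not send them back.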
