----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/13045/ -----------------------------------------------------------
Review request for mesos, Benjamin Hindman, Ben Mahler, Ian Downes, and Vinod Kone. Repository: mesos-git Description ------- cgroup_isolator: Isolate the exectuor and tasks in a pid namespace. This has several advantages: - It becomes impossible to send unix signals to processes outside of the pid namespace. - Forked processes can not escape the pid namespace no matter what they do. - It becomes easy to cleanup a pid namespace because all processes are killed when the first process the executor is killed. Diffs ----- src/slave/cgroups_isolator.cpp 0faf7d5 Diff: https://reviews.apache.org/r/13045/diff/ Testing ------- make -j 8 check And watched the tests pass. Thanks, Eric Biederman
