----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/25865/#review58450 -----------------------------------------------------------
Ship it! src/slave/containerizer/isolators/namespaces/pid.hpp <https://reviews.apache.org/r/25865/#comment99467> s/.././ src/slave/containerizer/isolators/namespaces/pid.cpp <https://reviews.apache.org/r/25865/#comment99469> Can you wrap at 70 everywhere for comments? src/slave/containerizer/isolators/namespaces/pid.cpp <https://reviews.apache.org/r/25865/#comment99471> Maybe a bit of an explanation of the masking technique used? src/slave/containerizer/isolators/namespaces/pid.cpp <https://reviews.apache.org/r/25865/#comment99479> I'm curious if we can name bindSource and bindTarget to reflect what these are returning without referring to the way the caller uses them: source -> namespaceProcfile? target -> namespaceHandle? src/slave/containerizer/isolators/namespaces/pid.cpp <https://reviews.apache.org/r/25865/#comment99478> Maybe add a string about stat failing inside the error message? - Ben Mahler On Oct. 24, 2014, 10:04 p.m., Ian Downes wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/25865/ > ----------------------------------------------------------- > > (Updated Oct. 24, 2014, 10:04 p.m.) > > > Review request for mesos, Ben Mahler and Jie Yu. > > > Repository: mesos-git > > > Description > ------- > > Add namespaces/pid to --isolation slave flag. Places executor into a pid > namespace so it and all descendants will be contained in the namespace. > Requires the filesystem/shared isolator so /proc and /sys are remounted to > reflect the different namespace. > > > Diffs > ----- > > src/Makefile.am 2617f77b757cb7414889520c88b1bc203dedef09 > src/slave/containerizer/isolators/namespaces/pid.hpp PRE-CREATION > src/slave/containerizer/isolators/namespaces/pid.cpp PRE-CREATION > src/slave/containerizer/linux_launcher.cpp > f7bc894830a7ca3f55465dacc7b653cdc2d7758b > src/slave/containerizer/mesos/containerizer.cpp > 9f745d897119a814bd9f8e1b6a0ce5eaef60ed36 > src/tests/isolator_tests.cpp 52b38a38eaafde3c42d464caa7bb028ba970a291 > > Diff: https://reviews.apache.org/r/25865/diff/ > > > Testing > ------- > > Added test that command in pid namespaced container is in a different > namespace and that the command is 'init' (verifies remount of /proc). > > > Thanks, > > Ian Downes > >
