----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/31444/#review74674 -----------------------------------------------------------
I agree with Jie that there is a ton of subtly here that makes this dense. Writing a short design doc and linking the jira to it would be super helpful. docs/mesos-containerizer.md should be updated to explain to operators how this works. That doc should be updated to include: - requirement that the value of --work_dir be a sub directory of --chroot - explaination that when this feature is used /etc/passwd in the chroot is where TaskInfo.user is looked up - just like always you're relying on unix permissions to keep tasks from editing files outside the work_dir, but inside the chroot (at first I was surprised you didn't bind mount the chroot dir as read-only, but I get why you didn't [thermos checkpointing]) - mountpoints that need to exist inside the chroot, such as proc and dev (or you can just edit this patch to make them if they dont exist) - A demo of how you can build the contents of the chroot directory (debootstrap, docker export, etc) Thanks!! src/slave/containerizer/mesos/launch.cpp <https://reviews.apache.org/r/31444/#comment121345> I was curious how you came up with this list. I did "man MAKEDEV" and read this: Certain devices are required for minimal functionality. These are: mem - access to physical memory; null - null device (infinite sink); port - access to I/O ports; zero - null byte source (infinite source); core - symlink to /proc/kcore (for kernel debugging); full - always returns ENOSPACE on write; ram - ramdisk; tty - to access the controlling tty of a process. src/slave/containerizer/mesos/launch.cpp <https://reviews.apache.org/r/31444/#comment121346> A DEBUG message here explaining that the process is chroot'ing would be useful in the logs. Without it subsequent error messages like "Failed to chdir into work directory /tmp/mesos" are super confusing when reading the logs. - Jay Buffington On Feb. 25, 2015, 10:48 p.m., Ian Downes wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/31444/ > ----------------------------------------------------------- > > (Updated Feb. 25, 2015, 10:48 p.m.) > > > Review request for mesos, Chi Zhang, Dominic Hamon, Jay Buffington, and Jie > Yu. > > > Bugs: MESOS-2350 > https://issues.apache.org/jira/browse/MESOS-2350 > > > Repository: mesos > > > Description > ------- > > Optionally take a path that the launch helper should chroot to before > exec'ing the executor. It is assumed that the work directory is mounted to > the appropriate location under the chroot. In particular, the path to the > executor must be relative to the chroot. > > Configuration that should be private to the chroot is done during the launch, > e.g. mounting proc and statically configuring basic devices. It is assumed > that other configuration, e.g., preparing the image, mounting in volumes or > persistent resources, is done by the caller. > > Mounts can be made to the chroot (e.g., updating the volumes or persistent > resources) and they will propagate in to the container but mounts made inside > the container will not propagate out to the host. > > It currently assumes that at least {{chroot}}/tmp is writeable and that mount > points {{chroot}}/{tmp,dev,proc,sys} exist in the chroot. > > This is specific to Linux. > > > Diffs > ----- > > src/slave/containerizer/mesos/launch.hpp > 7c8b535746b5ce9add00afef86fdb6faefb5620e > src/slave/containerizer/mesos/launch.cpp > 2f2d60e2011f60ec711d3b29fd2c157e30c83c34 > > Diff: https://reviews.apache.org/r/31444/diff/ > > > Testing > ------- > > Manual testing only so far. This is harder to automate because we need a > self-contained chroot to execute something in... Suggestions welcome. > > > Thanks, > > Ian Downes > >
