[
https://issues.apache.org/jira/browse/MESOS-1574?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14061219#comment-14061219
]
Jie Yu commented on MESOS-1574:
-------------------------------
The system admin could also set ip_local_port_range to prevent a rogue process
from binding to a mesos reserved port:
echo xxx > /proc/sys/net/ipv4/ip_local_port_range
> what to do when a rogue process binds to a port mesos didn't allocate to it?
> ----------------------------------------------------------------------------
>
> Key: MESOS-1574
> URL: https://issues.apache.org/jira/browse/MESOS-1574
> Project: Mesos
> Issue Type: Improvement
> Components: allocation, isolation
> Reporter: Jay Buffington
> Priority: Minor
>
> I recently had an issue where a slave had a process who's parent was init
> that was bound to a port in the range that mesos thought was a free resource.
> I'm not sure if this is due to a bug in mesos (it lost track of this process
> during an upgrade?) or if there was a bad user who started a process on the
> host manually outside of mesos. The process is over a month old and I have
> no history in mesos to ask it if/when it launched the task :(
> If a rogue process binds to a port that mesos-slave has offered to the master
> as an available resource there should be some sort of reckoning. Mesos could:
> * kill the rogue process
> * rescind the offer for that port
> * have an api that can be plugged into a monitoring system to alert humans
> of this inconsistency
--
This message was sent by Atlassian JIRA
(v6.2#6252)
