[
https://issues.apache.org/jira/browse/MESOS-5923?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15402306#comment-15402306
]
Jie Yu edited comment on MESOS-5923 at 8/2/16 4:51 AM:
-------------------------------------------------------
commit 48a492cd9d7d0a194735b9b4107a35b489c596e1
Author: Kevin Klues <[email protected]>
Date: Mon Aug 1 09:06:07 2016 -0700
Updated NvidiaVolume to mount as 'tmpfs' if parent fs is 'noexec'.
This patch is in response to an issue we ran into on Ubuntu 14.04,
where '/run' is being mounted as 'noexec' (MESOS-5923). Since our
NvidiaVolume is created below this mount point, we are unable to
execute any binaries we add to this volume. This causes problems, for
example, when trying to execute 'nvidia-smi' from within a container
that has this volume mounted in.
To work around this issue, we detect if any mount point above the path
where we create the volume is marked as 'noexec', and if so, we create
a new 'tmpfs' mount for the volume without 'noexec' set.
Review: https://reviews.apache.org/r/50592/
was (Author: jieyu):
commit 48a492cd9d7d0a194735b9b4107a35b489c596e1
Author: Kevin Klues <[email protected]>
Date: Mon Aug 1 09:06:07 2016 -0700
Updated NvidiaVolume to mount as 'tmpfs' if parent fs is 'noexec'.
This patch is in response to an issue we ran into on Ubuntu 14.04,
where '/run' is being mounted as 'noexec' (MESOS-5923). Since our
NvidiaVolume is created below this mount point, we are unable to
execute any binaries we add to this volume. This causes problems, for
example, when trying to execute 'nvidia-smi' from within a container
that has this volume mounted in.
To work around this issue, we detect if any mount point above the path
where we create the volume is marked as 'noexec', and if so, we create
a new 'tmpfs' mount for the volume without 'noexec' set.
Review: https://reviews.apache.org/r/50592/
commit ad1f610508ca669b32b1cb7a4d5baf5f3b337b70
Author: Kevin Klues <[email protected]>
Date: Mon Aug 1 09:06:04 2016 -0700
Added check for root permissions to 'NvidiaVolume::create()'.
Review: https://reviews.apache.org/r/50644/
> Ubuntu 14.04 LTS GPU Isolator "/run" directory is noexec
> --------------------------------------------------------
>
> Key: MESOS-5923
> URL: https://issues.apache.org/jira/browse/MESOS-5923
> Project: Mesos
> Issue Type: Bug
> Affects Versions: 1.0.0
> Environment: Ubuntu 14.04 LTS
> Reporter: Bill Zhao
> Assignee: Kevin Klues
> Labels: gpu, mesosphere
> Fix For: 1.0.1
>
>
> In Ubuntu 14.04 LTS the mount for /run directory is noexec. It affect the
> {{/var/run/mesos/isolators/gpu/nvidia_352.63/bin}} directory which mesos GPU
> isolators depended on.
> {{bill@billz:/var/run$ mount | grep noexec
> proc on /proc type proc (rw,noexec,nosuid,nodev)
> sysfs on /sys type sysfs (rw,noexec,nosuid,nodev)
> devpts on /dev/pts type devpts (rw,noexec,nosuid,gid=5,mode=0620)
> tmpfs on /run type tmpfs (rw,noexec,nosuid,size=10%,mode=0755)}}
> The /var/run is link to /run:
> {{bill@billz:/var$ ll
> total 52
> drwxr-xr-x 13 root root 4096 May 5 20:00 ./
> drwxr-xr-x 27 root root 4096 Jul 14 17:29 ../
> lrwxrwxrwx 1 root root 9 May 5 19:50 lock -> /run/lock/
> drwxrwxr-x 19 root syslog 4096 Jul 28 08:00 log/
> drwxr-xr-x 2 root root 4096 Aug 4 2015 opt/
> lrwxrwxrwx 1 root root 4 May 5 19:50 run -> /run/}}
> Current the work around is mount without noexec:
> {{sudo mount -o remount,exec /run}}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
