[ https://issues.apache.org/jira/browse/MESOS-6145?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15495008#comment-15495008 ]
Jie Yu commented on MESOS-6145:
-------------------------------

OK, I'll take some time to fix the isolator. It might be a breaking change as I want to change some of the ways we do checkpointing.

> Isolator namespaces/pid is leaking mounts
> -----------------------------------------
>
> Key: MESOS-6145
> URL: https://issues.apache.org/jira/browse/MESOS-6145
> Project: Mesos
> Issue Type: Bug
> Components: containerization, isolation, security
> Reporter: Stephan Erb
> Assignee: Jie Yu
>
> As the operator of a Mesos cluster, I would like every container/executor to
> run in a single PID namespace, so that a task cannot see what else is running
> on the same host.
> The existing {{namespaces/pid}} isolator seems to provide this feature.
> However, it seems like it is leaking files. I have exactly one task running
> currently, but there are still leftovers from earlier invocations
> {code}
> vagrant@aurora:~/aurora$ ls -l /var/run/mesos/pidns/
> total 0
> -rw-r--r-- 1 root root 0 Aug 26 20:30 32b6e4c7-3d22-47ed-a350-9eb929daa241
> -rw-r--r-- 1 root root 0 Aug 26 20:30 7b812f00-4614-4016-a76c-ff78a175a1b0
> -rw-r--r-- 1 root root 0 Aug 26 20:24 d501829e-7cf8-40fb-a895-0ad3416da7dc
> -rw-r--r-- 1 root root 0 Aug 26 20:24 d56ca91f-eb72-426c-8bbb-f3239358a4ef
> -r--r--r-- 1 root root 0 Aug 26 20:35 fef9a109-de52-45f3-ae41-171de6495705
> {code}

--
This message was sent by Atlassian JIRA
(v6.3.4#6332)