Avinash Sridharan created MESOS-6324:
----------------------------------------
Summary: CNI should not use `ifconfig` in executors
`pre_exec_command`
Key: MESOS-6324
URL: https://issues.apache.org/jira/browse/MESOS-6324
Project: Mesos
Issue Type: Bug
Components: containerization
Reporter: Avinash Sridharan
Assignee: Avinash Sridharan
Currently the `network/cni` isolator sets up the `pre_exec_command` for
executors when a container needs to be launched on a non-host network. The
`pre_exec_command` is `ifconfig lo up`. This is done to primarily bring
loopback up in the new network namespace.
Setting up the `pre_exec_command` to bring loopback up is problematic since the
executors PATH variable is generally very limited (doesn't contain all path
that the agents PATH variable has due to security concerns).
Therefore instead of running `ifconfig lo up` in the `pre_exec_command` we
should run it in `NetworkCniIsolatorSetup` subcommand, which runs with the same
PATH variable as the agent.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
