Jie Yu created MESOS-6489:
-----------------------------
Summary: Better support for containers that want to manage their
own cgroup.
Key: MESOS-6489
URL: https://issues.apache.org/jira/browse/MESOS-6489
Project: Mesos
Issue Type: Improvement
Reporter: Jie Yu
Some containers want to manage their cgroup by sub-dividing the cgroup that
Mesos allocates to them into multiple sub-cgroups and put subprocess into the
corresponding sub-cgroups.
For instance, someone wants to run Docker daemon in a Mesos container. Docker
daemon will manage the cgroup assigned to it by Mesos (with the help , for
example, cgroups namespace).
Problems arise during the teardown of the container because two entities might
be manipulating the same cgroup simultaneously. For example, the Mesos
cgroups::destroy might fail if the task running inside is trying to delete the
same nested cgroup at the same time.
To support that case, we should consider kill all the processes in the Mesos
cgroup first, making sure that no one will be creating sub-cgroups and moving
new processes into sub-cgroups. And then, destroy the cgroups recursively.
And we need freezer because we want to make sure all processes are stopped
while we are sending kill signals to avoid TOCTTOU race problem. I think it
makes more sense to freezer the cgroups (and sub-cgroups) from top down (rather
than bottom up because typically, processes in the parent cgroup manipulate
sub-cgroups).
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
