[
https://issues.apache.org/jira/browse/MESOS-6489?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15622873#comment-15622873
]
Yan Xu commented on MESOS-6489:
-------------------------------
+1 on passing a single cgroup to Destroyer.
> Better support for containers that want to manage their own cgroup.
> -------------------------------------------------------------------
>
> Key: MESOS-6489
> URL: https://issues.apache.org/jira/browse/MESOS-6489
> Project: Mesos
> Issue Type: Improvement
> Components: cgroups
> Reporter: Jie Yu
> Labels: cgroups
>
> Some containers want to manage their cgroup by sub-dividing the cgroup that
> Mesos allocates to them into multiple sub-cgroups and put subprocess into the
> corresponding sub-cgroups.
> For instance, someone wants to run Docker daemon in a Mesos container. Docker
> daemon will manage the cgroup assigned to it by Mesos (with the help , for
> example, cgroups namespace).
> Problems arise during the teardown of the container because two entities
> might be manipulating the same cgroup simultaneously. For example, the Mesos
> cgroups::destroy might fail if the task running inside is trying to delete
> the same nested cgroup at the same time.
> To support that case, we should consider kill all the processes in the Mesos
> cgroup first, making sure that no one will be creating sub-cgroups and moving
> new processes into sub-cgroups. And then, destroy the cgroups recursively.
> And we need freezer because we want to make sure all processes are stopped
> while we are sending kill signals to avoid TOCTTOU race problem. I think it
> makes more sense to freezer the cgroups (and sub-cgroups) from top down
> (rather than bottom up because typically, processes in the parent cgroup
> manipulate sub-cgroups).
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
