Gilbert Song created MESOS-7853:
-----------------------------------

             Summary: Support shared PID namespace.
                 Key: MESOS-7853
                 URL: https://issues.apache.org/jira/browse/MESOS-7853
             Project: Mesos
          Issue Type: Task
          Components: containerization
            Reporter: Gilbert Song


Currently, with the 'namespaces/pid' isolator enabled, each container will have 
its own pid namespace. This does not meet the needs of some scenarios. For 
example, under the same executor container, one task wants to reach out to 
another task, which needs to share the same pid namespace.

We should make the container pid namespace configurable. Users can choose 
whether a container shares its parent's pid namespace or not.

User facing API:
{noformat}
message LinuxInfo {
  ......
  // True if it shares the pid namespace with its parent. If the
  // container is a top level container, it means share the pid
  // namespace with the agent. If the container is a nested
  // container, it means share the pid namespace with its parent
  // container. This field will be ignored if 'namespaces/pid'
  // isolator is not enabled.
  optional bool share_pid_namespace = 4;
}
{noformat}

A new agent flag:
--disallow_top_level_pid_ns_sharing (defaults to false)
This is a security concern from the operator's perspective. While some of the 
nested containers share the pid namespace of their parents, the top level 
containers never share the pid ns of the agent.



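Added example (not part of the original issue or of the Mesos code base): an operator-side audit check for the concern behind the flag above, comparing the Linux pid namespace id of a container process with that of the agent. The function names, the pids and the namespace ids in the fixture are constructed for illustration.

```c
#define _GNU_SOURCE
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/stat.h>

/* Parse the id from <proc_root>/<pid>/ns/pid, a symlink whose target
 * reads "pid:[4026531836]". Returns 0 on success, -1 on failure. */
static int pid_ns_id(const char *proc_root, long pid, unsigned long *id) {
    char path[256], target[64];
    snprintf(path, sizeof path, "%s/%ld/ns/pid", proc_root, pid);
    ssize_t n = readlink(path, target, sizeof target - 1);
    if (n < 0) return -1;
    target[n] = '\0';
    return sscanf(target, "pid:[%lu]", id) == 1 ? 0 : -1;
}

/* 1: same pid namespace, 0: different, -1: unknown (report it, do not assume). */
int shares_pid_ns(const char *proc_root, long agent_pid, long container_pid) {
    unsigned long a, c;
    if (pid_ns_id(proc_root, agent_pid, &a) ||
        pid_ns_id(proc_root, container_pid, &c))
        return -1;
    return a == c;
}

static void add_pid(const char *root, long pid, const char *ns_target) {
    char p[256];
    snprintf(p, sizeof p, "%s/%ld", root, pid);        mkdir(p, 0700);
    snprintf(p, sizeof p, "%s/%ld/ns", root, pid);     mkdir(p, 0700);
    snprintf(p, sizeof p, "%s/%ld/ns/pid", root, pid); symlink(ns_target, p);
}

/* Constructed fixture: a fake proc tree so the check runs without a live agent. */
const char *make_sample_proc(void) {
    static char root[] = "/tmp/pidns-XXXXXX";
    static int built;
    if (!built && mkdtemp(root)) {
        add_pid(root, 100, "pid:[4026531836]"); /* agent (constructed) */
        add_pid(root, 200, "pid:[4026531836]"); /* shares the agent's ns */
        add_pid(root, 300, "pid:[4026532501]"); /* has its own ns */
        built = 1;
    }
    return root;
}

int main(void) {
    const char *r = make_sample_proc();
    printf("%d %d\n", shares_pid_ns(r, 100, 200), shares_pid_ns(r, 100, 300));
    return 0;
}
```

On a live host, pass "/proc" as proc_root; reading another user's ns link needs sufficient privilege, which is why -1 is kept distinct from 0.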