Qian Zhang commented on MESOS-7853:


> Support shared PID namespace.
> -----------------------------
>                 Key: MESOS-7853
>                 URL: https://issues.apache.org/jira/browse/MESOS-7853
>             Project: Mesos
>          Issue Type: Task
>          Components: containerization
>            Reporter: Gilbert Song
>            Assignee: Qian Zhang
>              Labels: containerizer, mesosphere, namespaces
> Currently, with the 'namespaces/pid' isolator enabled, each container will 
> have its own pid namespace. This does not meet the need for some scenarios. 
> For example, under the same executor container, one task wants to reach out 
> to another task which needs to share the same pid namespace.
> We should support container pid namespace to be configurable. Users can 
> choose one container to share its parent's pid namespace or not.
> User facing API:
> {noformat}
> message LinuxInfo {
>   ......
>   // True if it shares the pid namespace with its parent. If the
>   // container is a top level container, it means share the pid
>   // namespace with the agent. If the container is a nested
>   // container, it means share the pid namespace with its parent
>   // container. This field will be ignored if 'namespaces/pid'
>   // isolator is not enabled.
>   optional bool share_pid_namespace = 4;
> }
> {noformat}
> A new agent flag:
> --disallow_top_level_pid_ns_sharing (defaults to be: false)
> This is a security concern from the operator's perspective. While some of the 
> nested containers share the pid namespace from their parents, the top level 
> containers never share the pid ns from the agent.

This message was sent by Atlassian JIRA
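
A check an operator could run to confirm the sharing behaviour described in the issue, by comparing each container's PID namespace with its parent's (the agent's for a top-level container). This is an added example, not Mesos code: the function names, container ids and namespace links are constructed, and `pid:[inode]` is the format Linux returns for `readlink /proc/<pid>/ns/pid`.

```python
import os
import re

_NS_LINK = re.compile(r"^pid:\[(\d+)\]$")

def pid_ns_inode(link):
    """Parse a /proc/<pid>/ns/pid link target such as 'pid:[4026531836]'."""
    m = _NS_LINK.match(link)
    if m is None:
        raise ValueError(f"not a pid namespace link: {link!r}")
    return int(m.group(1))

def read_pid_ns(pid):
    """Read the live namespace link of a process (Linux only)."""
    return os.readlink(f"/proc/{pid}/ns/pid")

def shares_parent(agent_link, containers):
    """Map container id -> True if it is in the same pid ns as its parent.

    A top-level container (parent None) is compared against the agent.
    """
    ns = {c["id"]: pid_ns_inode(c["link"]) for c in containers}
    agent_ns = pid_ns_inode(agent_link)
    return {
        c["id"]: ns[c["id"]] == (agent_ns if c["parent"] is None else ns[c["parent"]])
        for c in containers
    }

def violations(agent_link, containers, disallow_top_level_sharing):
    """Top-level containers found in the agent's pid ns while the flag is set."""
    if not disallow_top_level_sharing:
        return []
    shared = shares_parent(agent_link, containers)
    return [c["id"] for c in containers if c["parent"] is None and shared[c["id"]]]

# Constructed sample: link of the agent and of each container's init process.
AGENT = "pid:[4026531836]"
SAMPLE = [
    {"id": "top-a", "parent": None, "link": "pid:[4026532201]"},
    {"id": "top-a.nested-1", "parent": "top-a", "link": "pid:[4026532201]"},
    {"id": "top-a.nested-2", "parent": "top-a", "link": "pid:[4026532377]"},
    {"id": "top-b", "parent": None, "link": "pid:[4026531836]"},
]

if __name__ == "__main__":
    print(shares_parent(AGENT, SAMPLE))
    print(violations(AGENT, SAMPLE, disallow_top_level_sharing=True))
```

On a live host, the `link` values would come from `read_pid_ns()` called on the agent's PID and on each container's init PID.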
