Gilbert Song created MESOS-7891:
-----------------------------------
Summary: Document Linux namespaces semantics in Mesos.
Key: MESOS-7891
URL: https://issues.apache.org/jira/browse/MESOS-7891
Project: Mesos
Issue Type: Documentation
Components: documentation
Reporter: Gilbert Song
Document all linux namespace support semantics in Mesos. Specifically:
Current semantic:
{noformat}
| Namespace | Top Level Container | Nested Container |
|------------------------|-----------------------|------------------------|
| Mount | Not shared | Not shared |
| PID | Not shared | Not shared |
| Network & UTS | Configurable | Shared w/ parent |
| IPC | Not shared | Not shared |
| Cgroup (not supported) | Shared w/ agent | Shared w/ parent |
| User (not supported) | Shared w/ agent (TBD) | Shared w/ parent (TBD) |
{noformat}
future plan:
{noformat}
| Namespace | Top Level Container | Nested Container
|
|------------------------|-------------------------------|--------------------------------|
| Mount | Not shared | Not shared
|
| PID | Not shared -> Configurable | Not shared ->
Configurable |
| Network & UTS | Configurable | Shared w/ parent
|
| IPC | Not shared -> Configurable | Not shared ->
Configurable |
| Cgroup (not supported) | Shared w/ agent -> Not Shared | Shared w/ parent ->
Not Shared |
| User (not supported) | Shared w/ agent (TBD) | Shared w/ parent
(TBD) |
{noformat}
Also, document the PID namespace user facing and operator facing API:
{noformat}
message LinuxInfo {
......
// If set as 'true', the container shares the pid namespace with
// its parent. If the container is a top level container, it will
// share the pid namespace with the agent. If the container is a
// nested container, it will share the pid namespace with its
// parent container. This field will be ignored if 'namespaces/pid'
// isolator is not enabled.
optional bool share_pid_namespace = 4;
}
{noformat}
{noformat}
--disallow_sharing_agent_pid_namespace (default: false)
{noformat}
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
