[
https://issues.apache.org/jira/browse/MESOS-7605?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16348786#comment-16348786
]
James Peach commented on MESOS-7605:
------------------------------------
[~qianzhang] That is exactly not the point of this change. CNI already supports
setting the container hostname for all containers that have an image. The
point of this isolator is to guarantee that the host's UTS namespace is
protected from containers (case 1 above). I kept it explicitly out of scope for
this isolator to actually set the hostname, since last time I did that, we
ended up moving that feature to the CNI isolator.

> UCR doesn't isolate uts namespace w/ host networking
> ----------------------------------------------------
>
> Key: MESOS-7605
> URL: https://issues.apache.org/jira/browse/MESOS-7605
> Project: Mesos
> Issue Type: Improvement
> Components: containerization
> Reporter: James DeFelice
> Assignee: James Peach
> Priority: Major
> Labels: mesosphere
>
> Docker's {{run}} command supports a {{--hostname}} parameter which impacts
> container isolation, even in {{host}} network mode: (via
> https://docs.docker.com/engine/reference/run/)
> {quote}
> Even in host network mode a container has its own UTS namespace by default.
> As such --hostname is allowed in host network mode and will only change the
> hostname inside the container. Similar to --hostname, the --add-host, --dns,
> --dns-search, and --dns-option options can be used in host network mode.
> {quote}
> I see no evidence that UCR offers a similar isolation capability.
> Related: the {{ContainerInfo}} protobuf has a {{hostname}} field which was
> initially added to support the Docker containerizer's use of the
> {{--hostname}} Docker {{run}} flag.
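
The isolation property discussed in this thread, that a hostname change made by a containerized process must not reach the host's UTS namespace, can be checked directly on Linux. The following is an added example, not code from Mesos or from the issue; the function name `uts_isolation_check` and the hostname `constructed-container` are assumptions made for illustration.

```c
#define _GNU_SOURCE
#include <sched.h>
#include <stdio.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical helper. Returns 1 if a hostname change made in a fresh UTS
 * namespace stayed out of the host's namespace, 0 if this kernel or sandbox
 * did not let us create and use one, -1 on error or if the host name changed. */
int uts_isolation_check(void)
{
    const char *name = "constructed-container"; /* constructed sample value */
    char before[256] = {0}, after[256] = {0};

    if (gethostname(before, sizeof(before) - 1) != 0)
        return -1;

    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        char inside[256] = {0};
        /* Unprivileged: a new user namespace grants CAP_SYS_ADMIN over the
         * new UTS namespace. Privileged: CLONE_NEWUTS alone is enough. */
        if (unshare(CLONE_NEWUSER | CLONE_NEWUTS) != 0 &&
            unshare(CLONE_NEWUTS) != 0)
            _exit(2); /* still in the host namespace: do not touch the name */
        if (sethostname(name, strlen(name)) != 0)
            _exit(3);
        if (gethostname(inside, sizeof(inside) - 1) != 0)
            _exit(4);
        _exit(strcmp(inside, name) == 0 ? 0 : 4);
    }

    int status = 0;
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    if (gethostname(after, sizeof(after) - 1) != 0)
        return -1;
    if (strcmp(before, after) != 0)
        return -1; /* the change leaked into the host's UTS namespace */
    return WEXITSTATUS(status) == 0 ? 1 : 0;
}

int main(void)
{
    printf("uts_isolation_check() = %d\n", uts_isolation_check());
    return 0;
}
```

A result of 0 means the environment refused to create the namespace (for example, unprivileged user namespaces are disabled), not that isolation failed.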