[
https://issues.apache.org/jira/browse/MESOS-9769?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16860494#comment-16860494
]
Qian Zhang commented on MESOS-9769:
-----------------------------------
In the above patch, the command executor was missed to update for
`ContainerFileOperation` support, I posted a patch to fix it:
https://reviews.apache.org/r/70826/
> Add direct containerized support for filesystem operations.
> -----------------------------------------------------------
>
> Key: MESOS-9769
> URL: https://issues.apache.org/jira/browse/MESOS-9769
> Project: Mesos
> Issue Type: Improvement
> Components: containerization
> Reporter: James Peach
> Assignee: James Peach
> Priority: Major
> Fix For: 1.9.0
>
>
> When setting up the container filesystems, we use `pre_exec_commands` to make
> ABI symlinks and other things. The problem with this is that, depending of
> the order of operations, we may not have the full security policy in place
> yet, but since we are running in the context of the container's mount
> namespaces, the programs we execute are under the control of whoever built
> the container image.
> [~jieyu] and I previously discussed adding filesystem operations to the
> `ContainerLaunchInfo`. Just `ln` would be sufficient for the `cgroups` and
> `linux/filesystem` isolators. Secrets and port mapping isolators need more,
> so we should discuss and file new tickets if necessary.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
