[ https://issues.apache.org/jira/browse/MESOS-9769?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16860494#comment-16860494 ]
Qian Zhang commented on MESOS-9769: ----------------------------------- In the above patch, the command executor was missed to update for `ContainerFileOperation` support, I posted a patch to fix it: https://reviews.apache.org/r/70826/ > Add direct containerized support for filesystem operations. > ----------------------------------------------------------- > > Key: MESOS-9769 > URL: https://issues.apache.org/jira/browse/MESOS-9769 > Project: Mesos > Issue Type: Improvement > Components: containerization > Reporter: James Peach > Assignee: James Peach > Priority: Major > Fix For: 1.9.0 > > > When setting up the container filesystems, we use `pre_exec_commands` to make > ABI symlinks and other things. The problem with this is that, depending of > the order of operations, we may not have the full security policy in place > yet, but since we are running in the context of the container's mount > namespaces, the programs we execute are under the control of whoever built > the container image. > [~jieyu] and I previously discussed adding filesystem operations to the > `ContainerLaunchInfo`. Just `ln` would be sufficient for the `cgroups` and > `linux/filesystem` isolators. Secrets and port mapping isolators need more, > so we should discuss and file new tickets if necessary. -- This message was sent by Atlassian JIRA (v7.6.3#76005)