-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/36930/#review93680
-----------------------------------------------------------

Ship it!


Could you make a comment that port mapping doesn't need mount namespace itself, 
i.e., the make-share outside and the make-slave inside on /var/run/netns are 
noops when it's disabled, but doing so avoids the race in MESOS-1558 when it is 
enabled, in case when it is required by other components of mesos?

- Chi Zhang


On July 30, 2015, 12:19 a.m., Jie Yu wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/36930/
> -----------------------------------------------------------
> 
> (Updated July 30, 2015, 12:19 a.m.)
> 
> 
> Review request for mesos, Chi Zhang and Vinod Kone.
> 
> 
> Repository: mesos
> 
> 
> Description
> -------
> 
> Forced the network isolator to use the mount namespace.
> 
> The code of the network isolator actually relies on the fact that the child 
> is in a seprate mount namespace. For example:
> https://github.com/apache/mesos/blob/master/src/slave/containerizer/isolators/network/port_mapping.cpp#L1527
> https://github.com/apache/mesos/blob/master/src/slave/containerizer/isolators/network/port_mapping.cpp#L3533
> 
> It originally depends on mount namespace, but was removed in this patch:
> https://reviews.apache.org/r/26274
> 
> That was a bug to me. It didn't cause any issue because we don't clone the 
> mounts (since we are not using mount namespace) anymore after the above 
> patch. So the kernel won't have an extra reference to the mount when we try 
> to umount it in `_cleanup()`.
> 
> 
> Diffs
> -----
> 
>   src/slave/containerizer/isolators/network/port_mapping.cpp 
> 3f6e9df8711995d0dd3903c6170fdd5ad61aac5a 
> 
> Diff: https://reviews.apache.org/r/36930/diff/
> 
> 
> Testing
> -------
> 
> sudo make check
> 
> 
> Thanks,
> 
> Jie Yu
> 
>

Reply via email to