----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/36930/#review93680 -----------------------------------------------------------
Ship it! Could you make a comment that port mapping doesn't need mount namespace itself, i.e., the make-share outside and the make-slave inside on /var/run/netns are noops when it's disabled, but doing so avoids the race in MESOS-1558 when it is enabled, in case when it is required by other components of mesos? - Chi Zhang On July 30, 2015, 12:19 a.m., Jie Yu wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/36930/ > ----------------------------------------------------------- > > (Updated July 30, 2015, 12:19 a.m.) > > > Review request for mesos, Chi Zhang and Vinod Kone. > > > Repository: mesos > > > Description > ------- > > Forced the network isolator to use the mount namespace. > > The code of the network isolator actually relies on the fact that the child > is in a seprate mount namespace. For example: > https://github.com/apache/mesos/blob/master/src/slave/containerizer/isolators/network/port_mapping.cpp#L1527 > https://github.com/apache/mesos/blob/master/src/slave/containerizer/isolators/network/port_mapping.cpp#L3533 > > It originally depends on mount namespace, but was removed in this patch: > https://reviews.apache.org/r/26274 > > That was a bug to me. It didn't cause any issue because we don't clone the > mounts (since we are not using mount namespace) anymore after the above > patch. So the kernel won't have an extra reference to the mount when we try > to umount it in `_cleanup()`. > > > Diffs > ----- > > src/slave/containerizer/isolators/network/port_mapping.cpp > 3f6e9df8711995d0dd3903c6170fdd5ad61aac5a > > Diff: https://reviews.apache.org/r/36930/diff/ > > > Testing > ------- > > sudo make check > > > Thanks, > > Jie Yu > >
