> On March 31, 2016, 5:59 p.m., Cong Wang wrote:
> > Why could /var/run/netns be in the same mount peer group as its parent? 
> > At least on fedora21 this is not the case.
> > 
> > Also, why do you fix two bugs in one patch? I know you don't care about 
> > bisect, but even so this is still not a good practice at all.

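I'll split the patch. Regarding the mount peer group issue, here is the test I 
did on fedora23. After the bind mount, /run/netns (mount ID 72) is reported as 
shared:22, the same peer group as its parent /run (mount ID 23). It is still 
shared:22 after `mount --make-shared`, because marking an already-shared mount 
as shared does not move it into a new peer group: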
```
[vagrant@localhost build]$ cat /proc/self/mountinfo 
17 58 0:17 / /sys rw,nosuid,nodev,noexec,relatime shared:6 - sysfs sysfs 
rw,seclabel
18 58 0:4 / /proc rw,nosuid,nodev,noexec,relatime shared:5 - proc proc rw
19 58 0:6 / /dev rw,nosuid shared:2 - devtmpfs devtmpfs 
rw,seclabel,size=4076012k,nr_inodes=1019003,mode=755
20 17 0:18 / /sys/kernel/security rw,nosuid,nodev,noexec,relatime shared:7 - 
securityfs securityfs rw
21 19 0:19 / /dev/shm rw,nosuid,nodev shared:3 - tmpfs tmpfs rw,seclabel
22 19 0:13 / /dev/pts rw,nosuid,noexec,relatime shared:4 - devpts devpts 
rw,seclabel,gid=5,mode=620,ptmxmode=000
23 58 0:20 / /run rw,nosuid,nodev shared:22 - tmpfs tmpfs rw,seclabel,mode=755
24 17 0:21 / /sys/fs/cgroup ro,nosuid,nodev,noexec shared:8 - tmpfs tmpfs 
ro,seclabel,mode=755
25 24 0:22 / /sys/fs/cgroup/systemd rw,nosuid,nodev,noexec,relatime shared:9 - 
cgroup cgroup 
rw,xattr,release_agent=/usr/lib/systemd/systemd-cgroups-agent,name=systemd
26 17 0:23 / /sys/fs/pstore rw,nosuid,nodev,noexec,relatime shared:19 - pstore 
pstore rw,seclabel
27 24 0:24 / /sys/fs/cgroup/blkio rw,nosuid,nodev,noexec,relatime shared:10 - 
cgroup cgroup rw,blkio
28 24 0:25 / /sys/fs/cgroup/net_cls,net_prio rw,nosuid,nodev,noexec,relatime 
shared:11 - cgroup cgroup rw,net_cls,net_prio
29 24 0:26 / /sys/fs/cgroup/freezer rw,nosuid,nodev,noexec,relatime shared:12 - 
cgroup cgroup rw,freezer
30 24 0:27 / /sys/fs/cgroup/memory rw,nosuid,nodev,noexec,relatime shared:13 - 
cgroup cgroup rw,memory
31 24 0:28 / /sys/fs/cgroup/perf_event rw,nosuid,nodev,noexec,relatime 
shared:14 - cgroup cgroup rw,perf_event
32 24 0:29 / /sys/fs/cgroup/cpu,cpuacct rw,nosuid,nodev,noexec,relatime 
shared:15 - cgroup cgroup rw,cpu,cpuacct
33 24 0:30 / /sys/fs/cgroup/devices rw,nosuid,nodev,noexec,relatime shared:16 - 
cgroup cgroup rw,devices
34 24 0:31 / /sys/fs/cgroup/hugetlb rw,nosuid,nodev,noexec,relatime shared:17 - 
cgroup cgroup rw,hugetlb
35 24 0:32 / /sys/fs/cgroup/cpuset rw,nosuid,nodev,noexec,relatime shared:18 - 
cgroup cgroup rw,cpuset
56 17 0:33 / /sys/kernel/config rw,relatime shared:20 - configfs configfs rw
58 0 8:1 / / rw,relatime shared:1 - ext4 /dev/sda1 rw,seclabel,data=ordered
36 17 0:16 / /sys/fs/selinux rw,relatime shared:21 - selinuxfs selinuxfs rw
37 18 0:34 / /proc/sys/fs/binfmt_misc rw,relatime shared:23 - autofs systemd-1 
rw,fd=30,pgrp=1,timeout=0,minproto=5,maxproto=5,direct
38 19 0:35 / /dev/hugepages rw,relatime shared:24 - hugetlbfs hugetlbfs 
rw,seclabel
39 19 0:15 / /dev/mqueue rw,relatime shared:25 - mqueue mqueue rw,seclabel
40 17 0:7 / /sys/kernel/debug rw,relatime shared:26 - debugfs debugfs 
rw,seclabel
70 23 0:36 / /run/user/1001 rw,nosuid,nodev,relatime shared:27 - tmpfs tmpfs 
rw,seclabel,size=817560k,mode=700,uid=1001,gid=1001
[vagrant@localhost build]$ sudo mount^C
[vagrant@localhost build]$ sudo mkdir /run/netns
[vagrant@localhost build]$ sudo mount --bind /run/netns /run/netns
[vagrant@localhost build]$ cat /proc/self/mountinfo 
17 58 0:17 / /sys rw,nosuid,nodev,noexec,relatime shared:6 - sysfs sysfs 
rw,seclabel
18 58 0:4 / /proc rw,nosuid,nodev,noexec,relatime shared:5 - proc proc rw
19 58 0:6 / /dev rw,nosuid shared:2 - devtmpfs devtmpfs 
rw,seclabel,size=4076012k,nr_inodes=1019003,mode=755
20 17 0:18 / /sys/kernel/security rw,nosuid,nodev,noexec,relatime shared:7 - 
securityfs securityfs rw
21 19 0:19 / /dev/shm rw,nosuid,nodev shared:3 - tmpfs tmpfs rw,seclabel
22 19 0:13 / /dev/pts rw,nosuid,noexec,relatime shared:4 - devpts devpts 
rw,seclabel,gid=5,mode=620,ptmxmode=000
23 58 0:20 / /run rw,nosuid,nodev shared:22 - tmpfs tmpfs rw,seclabel,mode=755
24 17 0:21 / /sys/fs/cgroup ro,nosuid,nodev,noexec shared:8 - tmpfs tmpfs 
ro,seclabel,mode=755
25 24 0:22 / /sys/fs/cgroup/systemd rw,nosuid,nodev,noexec,relatime shared:9 - 
cgroup cgroup 
rw,xattr,release_agent=/usr/lib/systemd/systemd-cgroups-agent,name=systemd
26 17 0:23 / /sys/fs/pstore rw,nosuid,nodev,noexec,relatime shared:19 - pstore 
pstore rw,seclabel
27 24 0:24 / /sys/fs/cgroup/blkio rw,nosuid,nodev,noexec,relatime shared:10 - 
cgroup cgroup rw,blkio
28 24 0:25 / /sys/fs/cgroup/net_cls,net_prio rw,nosuid,nodev,noexec,relatime 
shared:11 - cgroup cgroup rw,net_cls,net_prio
29 24 0:26 / /sys/fs/cgroup/freezer rw,nosuid,nodev,noexec,relatime shared:12 - 
cgroup cgroup rw,freezer
30 24 0:27 / /sys/fs/cgroup/memory rw,nosuid,nodev,noexec,relatime shared:13 - 
cgroup cgroup rw,memory
31 24 0:28 / /sys/fs/cgroup/perf_event rw,nosuid,nodev,noexec,relatime 
shared:14 - cgroup cgroup rw,perf_event
32 24 0:29 / /sys/fs/cgroup/cpu,cpuacct rw,nosuid,nodev,noexec,relatime 
shared:15 - cgroup cgroup rw,cpu,cpuacct
33 24 0:30 / /sys/fs/cgroup/devices rw,nosuid,nodev,noexec,relatime shared:16 - 
cgroup cgroup rw,devices
34 24 0:31 / /sys/fs/cgroup/hugetlb rw,nosuid,nodev,noexec,relatime shared:17 - 
cgroup cgroup rw,hugetlb
35 24 0:32 / /sys/fs/cgroup/cpuset rw,nosuid,nodev,noexec,relatime shared:18 - 
cgroup cgroup rw,cpuset
56 17 0:33 / /sys/kernel/config rw,relatime shared:20 - configfs configfs rw
58 0 8:1 / / rw,relatime shared:1 - ext4 /dev/sda1 rw,seclabel,data=ordered
36 17 0:16 / /sys/fs/selinux rw,relatime shared:21 - selinuxfs selinuxfs rw
37 18 0:34 / /proc/sys/fs/binfmt_misc rw,relatime shared:23 - autofs systemd-1 
rw,fd=30,pgrp=1,timeout=0,minproto=5,maxproto=5,direct
38 19 0:35 / /dev/hugepages rw,relatime shared:24 - hugetlbfs hugetlbfs 
rw,seclabel
39 19 0:15 / /dev/mqueue rw,relatime shared:25 - mqueue mqueue rw,seclabel
40 17 0:7 / /sys/kernel/debug rw,relatime shared:26 - debugfs debugfs 
rw,seclabel
70 23 0:36 / /run/user/1001 rw,nosuid,nodev,relatime shared:27 - tmpfs tmpfs 
rw,seclabel,size=817560k,mode=700,uid=1001,gid=1001
72 23 0:20 /netns /run/netns rw,nosuid,nodev shared:22 - tmpfs tmpfs 
rw,seclabel,mode=755
[vagrant@localhost build]$ sudo mount --make-shared /run/netns
[vagrant@localhost build]$ cat /proc/self/mountinfo 
17 58 0:17 / /sys rw,nosuid,nodev,noexec,relatime shared:6 - sysfs sysfs 
rw,seclabel
18 58 0:4 / /proc rw,nosuid,nodev,noexec,relatime shared:5 - proc proc rw
19 58 0:6 / /dev rw,nosuid shared:2 - devtmpfs devtmpfs 
rw,seclabel,size=4076012k,nr_inodes=1019003,mode=755
20 17 0:18 / /sys/kernel/security rw,nosuid,nodev,noexec,relatime shared:7 - 
securityfs securityfs rw
21 19 0:19 / /dev/shm rw,nosuid,nodev shared:3 - tmpfs tmpfs rw,seclabel
22 19 0:13 / /dev/pts rw,nosuid,noexec,relatime shared:4 - devpts devpts 
rw,seclabel,gid=5,mode=620,ptmxmode=000
23 58 0:20 / /run rw,nosuid,nodev shared:22 - tmpfs tmpfs rw,seclabel,mode=755
24 17 0:21 / /sys/fs/cgroup ro,nosuid,nodev,noexec shared:8 - tmpfs tmpfs 
ro,seclabel,mode=755
25 24 0:22 / /sys/fs/cgroup/systemd rw,nosuid,nodev,noexec,relatime shared:9 - 
cgroup cgroup 
rw,xattr,release_agent=/usr/lib/systemd/systemd-cgroups-agent,name=systemd
26 17 0:23 / /sys/fs/pstore rw,nosuid,nodev,noexec,relatime shared:19 - pstore 
pstore rw,seclabel
27 24 0:24 / /sys/fs/cgroup/blkio rw,nosuid,nodev,noexec,relatime shared:10 - 
cgroup cgroup rw,blkio
28 24 0:25 / /sys/fs/cgroup/net_cls,net_prio rw,nosuid,nodev,noexec,relatime 
shared:11 - cgroup cgroup rw,net_cls,net_prio
29 24 0:26 / /sys/fs/cgroup/freezer rw,nosuid,nodev,noexec,relatime shared:12 - 
cgroup cgroup rw,freezer
30 24 0:27 / /sys/fs/cgroup/memory rw,nosuid,nodev,noexec,relatime shared:13 - 
cgroup cgroup rw,memory
31 24 0:28 / /sys/fs/cgroup/perf_event rw,nosuid,nodev,noexec,relatime 
shared:14 - cgroup cgroup rw,perf_event
32 24 0:29 / /sys/fs/cgroup/cpu,cpuacct rw,nosuid,nodev,noexec,relatime 
shared:15 - cgroup cgroup rw,cpu,cpuacct
33 24 0:30 / /sys/fs/cgroup/devices rw,nosuid,nodev,noexec,relatime shared:16 - 
cgroup cgroup rw,devices
34 24 0:31 / /sys/fs/cgroup/hugetlb rw,nosuid,nodev,noexec,relatime shared:17 - 
cgroup cgroup rw,hugetlb
35 24 0:32 / /sys/fs/cgroup/cpuset rw,nosuid,nodev,noexec,relatime shared:18 - 
cgroup cgroup rw,cpuset
56 17 0:33 / /sys/kernel/config rw,relatime shared:20 - configfs configfs rw
58 0 8:1 / / rw,relatime shared:1 - ext4 /dev/sda1 rw,seclabel,data=ordered
36 17 0:16 / /sys/fs/selinux rw,relatime shared:21 - selinuxfs selinuxfs rw
37 18 0:34 / /proc/sys/fs/binfmt_misc rw,relatime shared:23 - autofs systemd-1 
rw,fd=30,pgrp=1,timeout=0,minproto=5,maxproto=5,direct
38 19 0:35 / /dev/hugepages rw,relatime shared:24 - hugetlbfs hugetlbfs 
rw,seclabel
39 19 0:15 / /dev/mqueue rw,relatime shared:25 - mqueue mqueue rw,seclabel
40 17 0:7 / /sys/kernel/debug rw,relatime shared:26 - debugfs debugfs 
rw,seclabel
70 23 0:36 / /run/user/1001 rw,nosuid,nodev,relatime shared:27 - tmpfs tmpfs 
rw,seclabel,size=817560k,mode=700,uid=1001,gid=1001
72 23 0:20 /netns /run/netns rw,nosuid,nodev shared:22 - tmpfs tmpfs 
rw,seclabel,mode=755
```


- Jie


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/45520/#review126372
-----------------------------------------------------------


On March 31, 2016, 1:47 a.m., Jie Yu wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/45520/
> -----------------------------------------------------------
> 
> (Updated March 31, 2016, 1:47 a.m.)
> 
> 
> Review request for mesos, Ian Downes and Cong Wang.
> 
> 
> Bugs: MESOS-4662
>     https://issues.apache.org/jira/browse/MESOS-4662
> 
> 
> Repository: mesos
> 
> 
> Description
> -------
> 
> Fixed the bind mount root issue in port mapping isolator. This patch fixed 
> two issues:
> 1) no longer assume /var/run/netns is a realpath
> 2) made sure /var/run/netns is a shared mount in its own mount peer group
> 
> 
> Diffs
> -----
> 
>   src/slave/containerizer/mesos/isolators/network/port_mapping.hpp 
> 0fe2f486eb733acf738c1c61fc44f820d7401afc 
>   src/slave/containerizer/mesos/isolators/network/port_mapping.cpp 
> 323c84a3d960a196d8ba87f753814e9d43a07957 
>   src/tests/containerizer/port_mapping_tests.cpp 
> e062daa9fcfc776144b48325daa1f1284c5e59a4 
> 
> Diff: https://reviews.apache.org/r/45520/diff/
> 
> 
> Testing
> -------
> 
> sudo make check on Fedora23
> 
> 
> Thanks,
> 
> Jie Yu
> 
>
