> On June 27, 2016, 4:41 p.m., Jie Yu wrote: > > src/slave/containerizer/mesos-chroot.cpp, lines 107-110 > > <https://reviews.apache.org/r/49273/diff/1/?file=1431194#file1431194line107> > > > > Hum, that reminds me that there's a bug in the current command executor > > impl. Since pivot_root will mutate the mount table, it actually has side > > effects (that's the reason there is a command called pivot_root, and you > > don't have to specify commands, unlike chroot or su)! For command tasks, we > > need to make sure the health check program is also accessible inside the > > chroot. We need to refactor that part to use a libprocess Process instead > > of a new binary. > > > > Ideally, command executor will use the same utility to create user > > task. However, to simply some of the tooling (e.g., mesos exec) for command > > tasks, we need to make sure executor and the actual tasks are in the same > > mount namespace (otherwise, how does the CLI find the namespace handle for > > the task). That makes me wonder that should we make 'unshare' optional here > > (via a flag)? > > > > Also, since binary does more than just chroot. It also set uid/gids, > > chroot, chdir. We need a better name for the subcommand? Ideally, if we can > > merge this impl. with `src/slave/containerizer/mesos/launch.cpp`, that'll > > be awesome (as you can see, most of the logics are the same). > > > > For now, if you feel there're too much work, we can just name it > > `LAUNCH_TASK`.
Just to clarify, the requirement for the executor and the health check binary to be in the same mount ns is only for the command executor? - Ian ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/49273/#review139601 ----------------------------------------------------------- On June 27, 2016, 10:09 a.m., Ian Downes wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/49273/ > ----------------------------------------------------------- > > (Updated June 27, 2016, 10:09 a.m.) > > > Review request for mesos, Joshua Cohen and Jie Yu. > > > Repository: mesos > > > Description > ------- > > Uses the same code as the agent uses for chroot'ing on Linux, i.e., > pivot_root and setting up /dev etc. Intention is that executors (like > Aurora's Thermos) can use it to chroot tasks. > > Currently, the root path is specified as a flag and the remaining arguments > are exec'ed. Joshua has also requested that the root path could be specified > as the first arg. @Jie, thoughts? > > > Diffs > ----- > > src/Makefile.am 86c39fdf379ada470c9b1f86be263ef71dc47c41 > src/slave/containerizer/mesos-chroot.cpp PRE-CREATION > > Diff: https://reviews.apache.org/r/49273/diff/ > > > Testing > ------- > > Manual. > > > Thanks, > > Ian Downes > >
