-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/52809/
-----------------------------------------------------------

(Updated Oct. 17, 2016, 11:59 p.m.)


Review request for mesos, Gilbert Song and Jie Yu.


Summary (updated)
-----------------

User Namespaces Initial Implementation.


Bugs: MESOS-2952
    https://issues.apache.org/jira/browse/MESOS-2952


Repository: mesos


Description (updated)
-------

Work in progress: implementing user namespaces.
Phase 1: Create the isolator and enable it when the Agent is
  run with "userns=true". If this flag is not set, the original
  functionality will run the task as the user who started the task.
  With the flag set to true, the task will be run inside the user
  namespace as root inside the container, and the task is run as the
  user who started the task when seen from outside of the container.
  Appropriate uid and gid maps are created.
Phase 2: Provide mount point support for containers running in
  a user namespace. This will allow filesystems to be properly
  mounted and accessed with proper permissions.


Diffs (updated)
-----

  src/Makefile.am 3bcc0f2dfc2c4f71841bd6d161f39e0e919fc0d7 
  src/slave/containerizer/mesos/containerizer.cpp eac70d955e08142a2d054039d610a3d516b1b57e 
  src/slave/containerizer/mesos/isolators/user/user.hpp PRE-CREATION 
  src/slave/containerizer/mesos/isolators/user/user.cpp PRE-CREATION 
  src/slave/containerizer/mesos/isolators/user/usermaps.hpp PRE-CREATION 
  src/slave/containerizer/mesos/launch.cpp 8a30ff8bd6f9263d68a4344b79f2374a2ae53c04 
  src/slave/flags.hpp 3c292bac9394347318865f49782907def6541742 
  src/slave/flags.cpp 87d9e4632321134192bb0a67f1b91db7d89f539b 

Diff: https://reviews.apache.org/r/52809/diff/


Testing
-------

Work in progress: implementing user namespaces.
Phase 1: Create the isolator and enable it when the Agent is run with 
"userns=true". If this flag is not set, the original functionality will run the 
task as the user who started the task. With the user namespace, the task will be 
run inside the user namespace as root, with the user who started the task 
mapped to outside of the container. Appropriate uid and gid maps are created.
Phase 2: Provide mount point support for containers running in a user namespace.


Thanks,

Srinivas Brahmaroutu
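
The mapping the description refers to (root inside the container, the launching user outside), shown with the Linux user-namespace interface directly. This is an added example, not code from the patch under review; it assumes the process maps itself via unshare(2) and /proc/self/{uid,gid}_map, and the names format_root_map and enter_userns_as_root are hypothetical.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <sched.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Build a single-entry map: ID 0 inside the namespace <-> outside_id on
 * the host, range length 1. Returns bytes written, or -1 if buf is too small. */
int format_root_map(char *buf, size_t len, unsigned long outside_id)
{
    int n = snprintf(buf, len, "0 %lu 1\n", outside_id);
    return (n < 0 || (size_t)n >= len) ? -1 : n;
}

/* Map files must be written with one write(2) call. */
static int write_file(const char *path, const char *data)
{
    int fd = open(path, O_WRONLY);
    if (fd < 0) return -1;
    ssize_t n = write(fd, data, strlen(data));
    close(fd);
    return n == (ssize_t)strlen(data) ? 0 : -1;
}

/* Enter a new user namespace in which the caller is root, while the host
 * still sees the original uid/gid. Returns 0 on success, -1 on failure. */
int enter_userns_as_root(void)
{
    char map[64];
    uid_t uid = getuid();  /* host IDs, captured before unshare() */
    gid_t gid = getgid();

    if (unshare(CLONE_NEWUSER) != 0) return -1;
    /* An unprivileged writer must deny setgroups(2) before gid_map is
     * accepted (Linux >= 3.19); otherwise group-based denials could be shed. */
    if (write_file("/proc/self/setgroups", "deny") != 0) return -1;
    if (format_root_map(map, sizeof map, uid) < 0) return -1;
    if (write_file("/proc/self/uid_map", map) != 0) return -1;
    if (format_root_map(map, sizeof map, gid) < 0) return -1;
    return write_file("/proc/self/gid_map", map);
}

int main(void)
{
    unsigned long outside = (unsigned long)getuid();
    if (enter_userns_as_root() != 0) { perror("userns setup"); return 1; }
    printf("host uid %lu -> uid %lu inside\n", outside, (unsigned long)getuid());
    return 0;
}
```

With a single-entry map, every other host ID is unmapped inside the namespace and shows up as the overflow ID (typically 65534), which is why files owned by other users appear as "nobody" there.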
