> On Nov. 1, 2016, 4:43 a.m., Jie Yu wrote: > > src/slave/containerizer/mesos/isolators/namespaces/cgroup.hpp, line 28 > > <https://reviews.apache.org/r/53296/diff/2/?file=1548952#file1548952line28> > > > > Instead of creating a new namespace/cgroup isolator, I would suggest we > > add the support to cgroups isolator. It looks weird to me to have a > > namespace/cgroup isolator without using the cgroups isolator. > > haosdent huang wrote: > I think it still possible to use `namespaces/cgroup` isolator without > `cgroups` isolation? If user only want to isolate the host cgroups > environment from the container. > > Jie Yu wrote: > What's the use case for that? I feel that it will be strange to enable > cgroup namespace if containers still share the same cgroup. There will be no > isolation if two containers try to manipulate the cgroups. That defeats the > purpose of using cgroup namespace.
For example, we launch docker daemon in the host, which would use `/sys/fs/cgroup/xx/subsystem_name` as the hierarchies. Then we want hide this in the containers launched by Mesos. In this case, we only need `namespace/cgroup` isolator without cgroups isolation. - haosdent ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/53296/#review154371 ----------------------------------------------------------- On Oct. 30, 2016, 4:45 p.m., haosdent huang wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/53296/ > ----------------------------------------------------------- > > (Updated Oct. 30, 2016, 4:45 p.m.) > > > Review request for mesos, Jie Yu, Qian Zhang, and Jiang Yan Xu. > > > Bugs: MESOS-5410 > https://issues.apache.org/jira/browse/MESOS-5410 > > > Repository: mesos > > > Description > ------- > > Added cgroup namespace support for unified container. > > > Diffs > ----- > > src/CMakeLists.txt 639f8678ba23c4d9a2ea0bf84fbc3d6fc9286ef3 > src/Makefile.am c2f9e442182110d0b450d4824600a4a791f8cf27 > src/slave/containerizer/mesos/containerizer.cpp > 67cc595278f124cdf518d2f4fcfb257439f067e2 > src/slave/containerizer/mesos/isolators/namespaces/cgroup.hpp PRE-CREATION > src/slave/containerizer/mesos/isolators/namespaces/cgroup.cpp PRE-CREATION > > Diff: https://reviews.apache.org/r/53296/diff/ > > > Testing > ------- > > The test case is on the way. > > > Thanks, > > haosdent huang > >
