> On Nov. 11, 2016, 2:04 a.m., Jie Yu wrote: > > src/slave/containerizer/mesos/isolators/network/cni/cni.cpp, line 528 > > <https://reviews.apache.org/r/53354/diff/4/?file=1557145#file1557145line528> > > > > Why PID namespace here? Also, where is UTS namesapce?
This was a copy and paste error from the PID isolator as I was changing these all at once. > On Nov. 11, 2016, 2:04 a.m., Jie Yu wrote: > > src/slave/containerizer/mesos/isolators/volume/sandbox_path.cpp, line 152 > > <https://reviews.apache.org/r/53354/diff/4/?file=1557147#file1557147line152> > > > > I would actually add a check here and return Error if this is a debug > > container to make sure we get a proper error message if a debug container > > tries to specify a sandbox_path volume. > > > > For this reason, I'd probably move the above ifdef block down below. I reorganized this slightly differently. Let me know what you think. > On Nov. 11, 2016, 2:04 a.m., Jie Yu wrote: > > src/tests/containerizer/nested_mesos_containerizer_tests.cpp, lines 297-299 > > <https://reviews.apache.org/r/53354/diff/4/?file=1557149#file1557149line297> > > > > This is a little flaky because `wc` process might or might not be > > forked while `ps` is executing. > > > > I'd suggest we get the inode number of the pid namespace handle from > > the host and inject that number into the shell command to make sure that in > > the target pid namespace is not the same. I don't quite understand how I would do this as you suggested. I would have to compare the DEBUG containers pid namespace to the parent container's pid namespace, not the host pid namespace. - Kevin ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/53354/#review155658 ----------------------------------------------------------- On Nov. 11, 2016, 11:26 p.m., Kevin Klues wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/53354/ > ----------------------------------------------------------- > > (Updated Nov. 11, 2016, 11:26 p.m.) > > > Review request for mesos and Jie Yu. > > > Bugs: MESOS-6464 > https://issues.apache.org/jira/browse/MESOS-6464 > > > Repository: mesos > > > Description > ------- > > The namespace-related isolators now do different things depending on > whether they are launching a "normal" nested container or a "debug" > nested container. Normal nested containers clone a new mount namespace > as well as a new pid namespace. Debug nested cotnainers do not -- they > simply inherit these namespaces from their parent. > > > Diffs > ----- > > src/slave/containerizer/mesos/containerizer.cpp > 44225ebf63d8dd93be9b60fff496c74dc6c3a5ad > src/slave/containerizer/mesos/isolators/filesystem/linux.cpp > df16b8fee6799a69c7d96f33a5049bd9787c48f5 > src/slave/containerizer/mesos/isolators/gpu/isolator.cpp > e3756c920081f2944bf4b640edf0a83f42784586 > src/slave/containerizer/mesos/isolators/namespaces/pid.cpp > 0d9ec57d9aa83bcc6cc2e5a8d75f2e2251179b1b > src/slave/containerizer/mesos/isolators/network/cni/cni.cpp > 50b43777b1e470898de139e2dae398ebb2c0d6bb > src/slave/containerizer/mesos/isolators/volume/image.cpp > 210e67ad0d84f52135e77184f21e574c9e31628d > src/slave/containerizer/mesos/isolators/volume/sandbox_path.cpp > 7b976d29226c3e0a4d52922e9d2f7e685de72297 > src/slave/containerizer/mesos/linux_launcher.cpp > 0305d14c1f791c93edcd3b32786b483b15f40a2d > src/tests/containerizer/nested_mesos_containerizer_tests.cpp > e6c690c411f57138207044f31b4816bd4090c1b7 > > Diff: https://reviews.apache.org/r/53354/diff/ > > > Testing > ------- > > make -j check > sudo src/mesos-tests > > > Thanks, > > Kevin Klues > >
