----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/57884/#review170196 -----------------------------------------------------------
src/slave/containerizer/mesos/isolators/network/cni/cni.cpp Line 1910 (original), 1910 (patched) <https://reviews.apache.org/r/57884/#comment242977> Are you sure this works? I remembered that for read only bind mount, you need to do a bind mount and a remount with read only flag. https://lwn.net/Articles/281157/ That probably means we should add a unit test for this. Take a look at CniIsolatorTest.ROOT_OverrideHostname which will give you some idea how to adding a unit test for this. - Jie Yu On March 23, 2017, 5:11 p.m., Silas Snider wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/57884/ > ----------------------------------------------------------- > > (Updated March 23, 2017, 5:11 p.m.) > > > Review request for mesos and Jie Yu. > > > Bugs: MESOS-7268 > https://issues.apache.org/jira/browse/MESOS-7268 > > > Repository: mesos > > > Description > ------- > > Ensure that host /etc/* files are mounted RDONLY by the CNI Isolator. > > > Diffs > ----- > > src/slave/containerizer/mesos/isolators/network/cni/cni.cpp > 6e95315b70a5d9d3b4b21c4cf235b0a483760190 > > > Diff: https://reviews.apache.org/r/57884/diff/1/ > > > Testing > ------- > > > Thanks, > > Silas Snider > >
