> On March 27, 2017, 5:19 p.m., Jie Yu wrote:
> > src/slave/containerizer/mesos/isolators/network/cni/cni.cpp
> > Line 1910 (original), 1910 (patched)
> > <https://reviews.apache.org/r/57884/diff/1/?file=1672886#file1672886line1910>
> >
> >     Are you sure this works? I remembered that for read only bind mount,
> >     you need to do a bind mount and a remount with read only flag.
> >     https://lwn.net/Articles/281157/
> >
> >     That probably means we should add a unit test for this. Take a look at
> >     CniIsolatorTest.ROOT_OverrideHostname which will give you some idea how to
> >     add a unit test for this.

Sorry it took so long -- I was pulled onto another project briefly. I've updated to match the recommendation, confirmed that it works by adding a test which I confirmed passes now, but does not without my change.

- Silas


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/57884/#review170196
-----------------------------------------------------------


On April 5, 2017, 7:53 p.m., Silas Snider wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/57884/
> -----------------------------------------------------------
>
> (Updated April 5, 2017, 7:53 p.m.)
>
>
> Review request for mesos and Jie Yu.
>
>
> Bugs: MESOS-7268
>     https://issues.apache.org/jira/browse/MESOS-7268
>
>
> Repository: mesos
>
>
> Description
> -------
>
> Ensure that host /etc/* files are mounted RDONLY by the CNI Isolator.
>
>
> Diffs
> -----
>
>   src/slave/containerizer/mesos/isolators/network/cni/cni.cpp 6e95315b70a5d9d3b4b21c4cf235b0a483760190
>   src/tests/containerizer/linux_filesystem_isolator_tests.cpp 5e489ef6a522000c55b0fb9a27bce2567f82bb73
>
>
> Diff: https://reviews.apache.org/r/57884/diff/2/
>
>
> Testing
> -------
>
>
> Thanks,
>
> Silas Snider
>
>
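
The two-step read-only bind mount raised in the review above, together with a check of the result against `/proc/<pid>/mountinfo`, as an added example that is not part of the original thread or of the Mesos patch. The function names and the sample mountinfo lines are assumptions constructed for illustration.

```cpp
// Added example, not Mesos code; the sample paths below are constructed.
#include <sys/mount.h>
#include <sstream>
#include <string>

// A read-only bind mount takes two mount(2) calls: MS_BIND creates the bind
// mount, then MS_REMOUNT | MS_BIND | MS_RDONLY makes that mount read-only.
// Returns 0 on success, -1 on failure.
int bindMountReadOnly(const std::string& source, const std::string& target)
{
  if (::mount(source.c_str(), target.c_str(), nullptr, MS_BIND, nullptr) != 0) {
    return -1;
  }
  if (::mount(nullptr, target.c_str(), nullptr,
              MS_REMOUNT | MS_BIND | MS_RDONLY, nullptr) != 0) {
    ::umount2(target.c_str(), MNT_DETACH);  // do not leave a writable mount
    return -1;
  }
  return 0;
}

// Scans mountinfo text. Returns 1 if `target` carries the per-mount "ro"
// option (field 6), 0 if it is mounted writable, -1 if it is not mounted.
// The last matching line wins, because later mounts shadow earlier ones.
int mountIsReadOnly(const std::string& mountinfo, const std::string& target)
{
  int result = -1;
  std::istringstream lines(mountinfo);
  std::string line;
  while (std::getline(lines, line)) {
    std::istringstream fields(line);
    std::string id, parent, dev, root, mountPoint, options, opt;
    if (!(fields >> id >> parent >> dev >> root >> mountPoint >> options)) continue;
    if (mountPoint != target) continue;
    result = 0;
    std::istringstream opts(options);
    while (std::getline(opts, opt, ',')) {
      if (opt == "ro") result = 1;
    }
  }
  return result;
}

// Constructed sample: the first bind mount is writable, the second was
// remounted read-only. The superblock options (last field) stay "rw".
const std::string kSampleMountinfo =
  "101 90 8:1 /etc/hosts /rootfs/etc/hosts rw,relatime - ext4 /dev/sda1 rw\n"
  "102 90 8:1 /etc/resolv.conf /rootfs/etc/resolv.conf ro,relatime"
  " - ext4 /dev/sda1 rw\n";
```

`bindMountReadOnly` needs CAP_SYS_ADMIN in the mount namespace it runs in; `mountIsReadOnly` is a pure text check and can be pointed at the contents of a container's `/proc/<pid>/mountinfo`.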
