> On May 5, 2017, 2:34 p.m., Chun-Hung Hsiao wrote: > > src/slave/containerizer/mesos/containerizer.cpp > > Lines 228 (patched) > > <https://reviews.apache.org/r/59001/diff/2/?file=1709304#file1709304line228> > > > > <p>This might violate the assumption that there is only one filesystem > > isolator. Maybe check that 'filesystem/linux' is enabled in the creator of > > 'volume/image' below?</p> > > Chun-Hung Hsiao wrote: > Please ignore the "Maybe..." question.
Thanks for the catch. I have fixed it now. > On May 5, 2017, 2:34 p.m., Chun-Hung Hsiao wrote: > > src/slave/containerizer/mesos/isolators/volume/secret.cpp > > Lines 286 (patched) > > <https://reviews.apache.org/r/59001/diff/2/?file=1709306#file1709306line286> > > > > Can we just write the secret to `sandboxSecretPath`? The idea was to have a tmpfs mount on `sandboxSecretRootDir` and copy secret file there so that we won't persist anything on the filesystem. If my understanding is correct, we need to copy the file _after_ the container has been created (with tmpfs mount), while the secret is downloaded _before_ container creation. That's why the additional step. - Kapil ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/59001/#review174051 ----------------------------------------------------------- On May 5, 2017, 8:53 p.m., Kapil Arya wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/59001/ > ----------------------------------------------------------- > > (Updated May 5, 2017, 8:53 p.m.) > > > Review request for mesos, Gilbert Song, Jie Yu, and Vinod Kone. > > > Bugs: MESOS-7418 > https://issues.apache.org/jira/browse/MESOS-7418 > > > Repository: mesos > > > Description > ------- > > Added volume secret isolator. > > > Diffs > ----- > > src/CMakeLists.txt 89cbd3f5a93f4891e8272d3b1136059ab1069d01 > src/Makefile.am 29da17bee13226e18757e2ad3a7a091427fd35f4 > src/slave/containerizer/mesos/containerizer.cpp > b58baed64480e22f640a4852537f85922ed382ae > src/slave/containerizer/mesos/isolators/volume/secret.hpp PRE-CREATION > src/slave/containerizer/mesos/isolators/volume/secret.cpp PRE-CREATION > src/tests/CMakeLists.txt 9f2af9cdd1cf50485f4cd84ce67bcceba64b9328 > src/tests/containerizer/rootfs.cpp fdfecc65a3fcd19d6a4dfa574320f4d1f2755322 > src/tests/containerizer/volume_secret_isolator_tests.cpp PRE-CREATION > > > Diff: https://reviews.apache.org/r/59001/diff/3/ > > > Testing > ------- > > Added new tests an ran `make check`. > > > Thanks, > > Kapil Arya > >
