> On Aug. 5, 2017, 8:33 a.m., Gilbert Song wrote: > > src/slave/containerizer/mesos/isolators/namespaces/pid.cpp > > Lines 130 (patched) > > <https://reviews.apache.org/r/61428/diff/2/?file=1789465#file1789465line132> > > > > Could we reverse two logics above? so that we can avoid the size check > > here. E.g., > > ``` > > if (sharePidNamespace) { > > return launchInfo; > > } > > ``` > > > > similar to the short circuit logic for DEBUG container. > > Qian Zhang wrote: > Could you elaborate a bit more? Which two logics are you talking about? > > Gilbert Song wrote: > Do you think this logic looks clearer (please help verify its correctness > first)? > ``` > ContainerLaunchInfo launchInfo; > > bool sharePidNamespace = > containerConfig.container_info().linux_info().share_pid_namespace(); > > if (containerId.has_parent()) { > launchInfo.add_enter_namespaces(CLONE_NEWPID); > > if (containerConfig.has_container_class() && > containerConfig.container_class() == ContainerClass::DEBUG) { > return launchInfo; > } > } else { > if (flags.disallow_sharing_agent_pid_namespace && sharePidNamespace) { > return Failure( > "Sharing agent pid namespace with " > "top-level container is not allowed"); > } > } > > if (sharePidNamespace) { > return launchInfo; > } > > launchInfo.add_clone_namespaces(CLONE_NEWPID); > launchInfo.add_pre_exec_commands()->set_value( > "mount -n -t proc proc /proc -o nosuid,noexec,nodev"); > > return launchInfo; > ```
Yeah, it's correct and clearer, thanks Gilbert! - Qian ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/61428/#review182235 ----------------------------------------------------------- On Aug. 8, 2017, 5:40 p.m., Qian Zhang wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/61428/ > ----------------------------------------------------------- > > (Updated Aug. 8, 2017, 5:40 p.m.) > > > Review request for mesos, Gastón Kleiman, Gilbert Song, Jie Yu, Kevin Klues, > and Vinod Kone. > > > Bugs: MESOS-7853 > https://issues.apache.org/jira/browse/MESOS-7853 > > > Repository: mesos > > > Description > ------- > > Added pid ns sharing based on agent flag and protobuf message field. > > > Diffs > ----- > > src/slave/containerizer/mesos/isolators/namespaces/pid.hpp > 2b316dbdf4a3735771af5bed80c6251d0d1cbd50 > src/slave/containerizer/mesos/isolators/namespaces/pid.cpp > f1dfc9f7398ffc029d7180d7f014a515338cb3f4 > > > Diff: https://reviews.apache.org/r/61428/diff/5/ > > > Testing > ------- > > > Thanks, > > Qian Zhang > >
