> On Aug. 5, 2017, 8:33 a.m., Gilbert Song wrote:
> > src/slave/containerizer/mesos/isolators/namespaces/pid.cpp
> > Lines 130 (patched)
> > <https://reviews.apache.org/r/61428/diff/2/?file=1789465#file1789465line132>
> >
> >     Could we reverse two logics above? so that we can avoid the size check 
> > here. E.g.,
> >     ```
> >         if (sharePidNamespace) {
> >           return launchInfo;
> >         }
> >     ```
> >     
> >     similar to the short circuit logic for DEBUG container.
> 
> Qian Zhang wrote:
>     Could you elaborate a bit more? Which two logics are you talking about?
> 
> Gilbert Song wrote:
>     Do you think this logic looks clearer (please help verify its correctness 
> first)?
>     ```
>       ContainerLaunchInfo launchInfo;
>     
>       bool sharePidNamespace =
>         containerConfig.container_info().linux_info().share_pid_namespace();
>     
>       if (containerId.has_parent()) {
>         launchInfo.add_enter_namespaces(CLONE_NEWPID);
>     
>         if (containerConfig.has_container_class() &&
>             containerConfig.container_class() == ContainerClass::DEBUG) {
>           return launchInfo;
>         }
>       } else {
>         if (flags.disallow_sharing_agent_pid_namespace && sharePidNamespace) {
>           return Failure(
>               "Sharing agent pid namespace with "
>               "top-level container is not allowed");
>         }
>       }
>     
>       if (sharePidNamespace) {
>         return launchInfo;
>       }
>     
>       launchInfo.add_clone_namespaces(CLONE_NEWPID);
>       launchInfo.add_pre_exec_commands()->set_value(
>           "mount -n -t proc proc /proc -o nosuid,noexec,nodev");
>     
>       return launchInfo;
>     ```

Yeah, it's correct and clearer, thanks Gilbert!


- Qian


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/61428/#review182235
-----------------------------------------------------------


On Aug. 8, 2017, 5:40 p.m., Qian Zhang wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/61428/
> -----------------------------------------------------------
> 
> (Updated Aug. 8, 2017, 5:40 p.m.)
> 
> 
> Review request for mesos, Gastón Kleiman, Gilbert Song, Jie Yu, Kevin Klues, 
> and Vinod Kone.
> 
> 
> Bugs: MESOS-7853
>     https://issues.apache.org/jira/browse/MESOS-7853
> 
> 
> Repository: mesos
> 
> 
> Description
> -------
> 
> Added pid ns sharing based on agent flag and protobuf message field.
> 
> 
> Diffs
> -----
> 
>   src/slave/containerizer/mesos/isolators/namespaces/pid.hpp 
> 2b316dbdf4a3735771af5bed80c6251d0d1cbd50 
>   src/slave/containerizer/mesos/isolators/namespaces/pid.cpp 
> f1dfc9f7398ffc029d7180d7f014a515338cb3f4 
> 
> 
> Diff: https://reviews.apache.org/r/61428/diff/5/
> 
> 
> Testing
> -------
> 
> 
> Thanks,
> 
> Qian Zhang
> 
>

Reply via email to