> On June 23, 2018, 8:07 a.m., Gilbert Song wrote: > > src/slave/containerizer/mesos/launch.cpp > > Lines 676-680 (original) > > <https://reviews.apache.org/r/67662/diff/1/?file=2042649#file2042649line676> > > > > I just created https://issues.apache.org/jira/browse/MESOS-9023 > > > > Could we add a TODO which mention that we want to add this check back > > once MESOS-9023 is resolved? > > > > The reason we need this check is mount propagation, see > > `MountPropagation` protobuf message in mesos.proto. Currently we do allow > > users to configure whether they want the mounts for a container to > > propagate back to the host filesystems. We don't want to allow it for > > command task.
If we do not want to allow the mounts for a container to propagate back to the host filesystems for command task, then we need to ensure there is no mounts with `MS_SHARED` rather than simply disallowing any mounts, right? - Qian ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/67662/#review205255 ----------------------------------------------------------- On June 20, 2018, 10:37 a.m., Qian Zhang wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/67662/ > ----------------------------------------------------------- > > (Updated June 20, 2018, 10:37 a.m.) > > > Review request for mesos, Gilbert Song and Jason Lai. > > > Bugs: MESOS-8327 > https://issues.apache.org/jira/browse/MESOS-8327 > > > Repository: mesos > > > Description > ------- > > Allowed mounts if the container is launched in a new mount namespace. > > > Diffs > ----- > > src/slave/containerizer/mesos/launch.cpp > cec6558d0ac61bf0fec87d2e101e8f84730a765a > > > Diff: https://reviews.apache.org/r/67662/diff/1/ > > > Testing > ------- > > > Thanks, > > Qian Zhang > >
