----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/68257/#review207540 -----------------------------------------------------------
Fix it, then Ship it! src/slave/containerizer/mesos/utils.cpp Line 53 (original), 53-56 (patched) <https://reviews.apache.org/r/68257/#comment290935> Swap these two sentences, otherwise a reader might think that that one pair is what we skip. src/slave/containerizer/mesos/utils.cpp Lines 81-83 (patched) <https://reviews.apache.org/r/68257/#comment290938> Let's unite `candidate` and `hasGrandchild` into `Option<pid_t> candidate;` src/slave/containerizer/mesos/utils.cpp Line 120 (original), 139 (patched) <https://reviews.apache.org/r/68257/#comment290939> This will then become `candidate.getOrElse(parent);` - Alexander Rukletsov On Aug. 17, 2018, 11:44 a.m., Andrei Budnik wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/68257/ > ----------------------------------------------------------- > > (Updated Aug. 17, 2018, 11:44 a.m.) > > > Review request for mesos, Alexander Rukletsov, Gilbert Song, Jie Yu, and > Kevin Klues. > > > Bugs: MESOS-9116 > https://issues.apache.org/jira/browse/MESOS-9116 > > > Repository: mesos > > > Description > ------- > > Previously, we were walking the process tree from the container's > `init` process to find the first process along the way whose `mnt` > namespace differs from the `init` process. We expected this algorithm > to always return the PID of the command executor's task. > > However, if someone launches multiple nested containers within the > process tree, the aforementioned algorithm might detect the PID of > one of those nested container instead of the command executor's task. > Even though the `mnt` namespace will be the same across all these > candidates, the detected PID might belong to a short-lived container, > which might terminate before the containerizer launcher (aka `nanny` > process) tries to enter its `mnt` namespace. > > This patch fixes the detection algorithm so that it always returns > the PID of the command executor's task. > > > Diffs > ----- > > src/slave/containerizer/mesos/utils.cpp > 30e76d1d91651975033078f5450e45f5f2fd8ba0 > > > Diff: https://reviews.apache.org/r/68257/diff/4/ > > > Testing > ------- > > 1) Internal CI with disabled > `ROOT_CGROUPS_LaunchNestedContainerSessionsInParallel` test (see previous > patch). > 2) Fedora 25: `./src/mesos-tests > --gtest_filter=*AgentAPITest.LaunchNestedContainerSessionInParallel* > --gtest_break_on_failure --gtest_repeat=100 --verbose` > > > Thanks, > > Andrei Budnik > >
