Re: Review Request 69086: Moved container root construction to the isolators.

Tue, 30 Oct 2018 14:03:59 -0700 

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/69086/
-----------------------------------------------------------

(Updated Oct. 30, 2018, 9:03 p.m.)


Review request for mesos, Gilbert Song, Jason Lai, Jie Yu, and Jiang Yan Xu.


Bugs: MESOS-9319
    https://issues.apache.org/jira/browse/MESOS-9319


Repository: mesos


Description
-------

Previously, if the container was configured with a root filesytem,
the root was populated by a combination of the `fs::chroot:prepare`
API and the various isolators. The implementation details of some
isolators had leaked into the chroot code, which had a special case
for adding GPU devices.

This change moves all the responsibility for defining the
root filesystem from the `fs::chroot::prepare()` API to the
`filesystem/linux` isolator. The `filesystem/linux` isolator is
now the single place that captures how to mount the container
pseudo-filesystems as well as how to construct a proper `/dev`
directory.

Since the `linux/filesystem` isolator is now entirely responsible
for creating and mounting the container `/dev`, any other isolators
that enable access to devices can simply populate device nodes in
the container devices directory. After this change, the container
`/dev` is mounted read-only so that this cannot be used to escape
any disk quota.


Diffs (updated)
-----

  src/linux/fs.hpp 31969f6ba82bf5ee549bfdf9698a21adaa486a90 
  src/linux/fs.cpp 5cdffe1f4c7f00aee5b8f640e7cfa4a0018cfa0a 
  src/slave/containerizer/mesos/isolators/filesystem/linux.cpp 
c7d753ac2e5575a8d687600bfb9e0617fa72c990 
  src/slave/containerizer/mesos/isolators/gpu/isolator.hpp 
4645c625877d9451516133b24bd3959e0f49c0a9 
  src/slave/containerizer/mesos/isolators/gpu/isolator.cpp 
56d835779618fd965d928c6926664583e9141f79 
  src/slave/containerizer/mesos/isolators/linux/devices.cpp 
8f8ff95ec3856ba06647637a80315365d0e66e23 
  src/slave/containerizer/mesos/launch.cpp 
7193da0a094df3e441e185c62b3a0379a0bdc4a2 


Diff: https://reviews.apache.org/r/69086/diff/5/

Changes: https://reviews.apache.org/r/69086/diff/4-5/


Testing
-------

sudo make check (Fedora 28)


Thanks,

James Peach

Reply via email to