[jira] [Updated] (MESOS-3178) Perform a self bind mount of rootfs itself in fs::chroot::enter.
[ https://issues.apache.org/jira/browse/MESOS-3178?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Jie Yu updated MESOS-3178: -- Fix Version/s: 0.24.0 Perform a self bind mount of rootfs itself in fs::chroot::enter. Key: MESOS-3178 URL: https://issues.apache.org/jira/browse/MESOS-3178 Project: Mesos Issue Type: Bug Reporter: Jie Yu Assignee: Jie Yu Fix For: 0.24.0 Syscall 'pivot_root' requires that the old and the new root are not in the same filesystem. Otherwise, the user will receive a Device or resource busy error. Currently, we rely on the provisioner to prepare the rootfs and do proper bind mount if needed so that pivot_root can succeed. The drawback of this approach is that it potentially pollutes the host mount table which requires cleanup logics. For instance, in the test, we create a test rootfs by copying the host files. We need to do a self bind mount so that we can pivot_root on it. That pollute the host mount table and it might leak mounts if test crashes before we do the lazy umount: https://github.com/apache/mesos/blob/master/src/tests/containerizer/launch_tests.cpp#L96-L102 What I propose is that we always perform a recursive self bind mount of rootfs itself in fs::chroot::enter (after enter the new mount namespace). Seems that this is also done in libcontainer: https://github.com/opencontainers/runc/blob/master/libcontainer/rootfs_linux.go#L402 -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (MESOS-3178) Perform a self bind mount of rootfs itself in fs::chroot::enter.
[ https://issues.apache.org/jira/browse/MESOS-3178?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Jie Yu updated MESOS-3178: -- Sprint: Twitter Mesos Q3 Sprint 2 Story Points: 2 Perform a self bind mount of rootfs itself in fs::chroot::enter. Key: MESOS-3178 URL: https://issues.apache.org/jira/browse/MESOS-3178 Project: Mesos Issue Type: Bug Reporter: Jie Yu Syscall 'pivot_root' requires that the old and the new root are not in the same filesystem. Otherwise, the user will receive a Device or resource busy error. Currently, we reply on the provisioner to prepare the rootfs and do proper bind mount if needed so that pivot_root can succeed. The drawback of this approach is that it potentially pollutes the host mount table which requires cleanup logics. For instance, in the test, we create a test rootfs by copying the host files. We need to do a self bind mount so that we can pivot_root on it. That pollute the host mount table and it might leak mounts if test crashes before we do the lazy umount: https://github.com/apache/mesos/blob/master/src/tests/containerizer/launch_tests.cpp#L96-L102 What I propose is that we always perform a recursive self bind mount of rootfs itself in fs::chroot::enter (after enter the new mount namespace). Seems that this is also done in libcontainer: https://github.com/opencontainers/runc/blob/master/libcontainer/rootfs_linux.go#L402 -- This message was sent by Atlassian JIRA (v6.3.4#6332)
