Re: Review Request 31444: Support chrooting in MesosContainerizer launch helper.
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/31444/#review90757 --- Bad patch! Reviews applied: [32891, 31444] Failed command: ./support/apply-review.sh -n -r 31444 Error: 2015-07-07 18:42:10 URL:https://reviews.apache.org/r/31444/diff/raw/ [12941/12941] - 31444.patch [1] error: patch failed: src/slave/containerizer/mesos/launch.cpp:20 error: src/slave/containerizer/mesos/launch.cpp: patch does not apply Failed to apply patch - Mesos ReviewBot On July 7, 2015, 6:33 p.m., Ian Downes wrote: --- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/31444/ --- (Updated July 7, 2015, 6:33 p.m.) Review request for mesos, Chi Zhang, Dominic Hamon, Jay Buffington, Jie Yu, and James Peach. Bugs: MESOS-2350 https://issues.apache.org/jira/browse/MESOS-2350 Repository: mesos Description --- Optionally take a path that the launch helper should chroot to before exec'ing the executor. It is assumed that the work directory is mounted to the appropriate location under the chroot. In particular, the path to the executor must be relative to the chroot. Configuration that should be private to the chroot is done during the launch, e.g. mounting proc and statically configuring basic devices. It is assumed that other configuration, e.g., preparing the image, mounting in volumes or persistent resources, is done by the caller. Mounts can be made to the chroot (e.g., updating the volumes or persistent resources) and they will propagate in to the container but mounts made inside the container will not propagate out to the host. It currently assumes that at least {{chroot}}/tmp is writeable and that mount points {{chroot}}/{tmp,dev,proc,sys} exist in the chroot. This is specific to Linux. Diffs - src/Makefile.am e7de0f3d1a5efeaef47d5074defe3b40db94f573 src/linux/fs.cpp 568565f878b34708170a886dc4d62849aa01f263 src/slave/containerizer/mesos/launch.hpp 7c8b535746b5ce9add00afef86fdb6faefb5620e src/slave/containerizer/mesos/launch.cpp 2f2d60e2011f60ec711d3b29fd2c157e30c83c34 src/tests/launch_tests.cpp PRE-CREATION Diff: https://reviews.apache.org/r/31444/diff/ Testing --- Manual testing only so far. This is harder to automate because we need a self-contained chroot to execute something in... Suggestions welcome. Thanks, Ian Downes
Re: Review Request 31444: Support chrooting in MesosContainerizer launch helper.
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/31444/ --- (Updated July 7, 2015, 11:33 a.m.) Review request for mesos, Chi Zhang, Dominic Hamon, Jay Buffington, Jie Yu, and James Peach. Bugs: MESOS-2350 https://issues.apache.org/jira/browse/MESOS-2350 Repository: mesos Description --- Optionally take a path that the launch helper should chroot to before exec'ing the executor. It is assumed that the work directory is mounted to the appropriate location under the chroot. In particular, the path to the executor must be relative to the chroot. Configuration that should be private to the chroot is done during the launch, e.g. mounting proc and statically configuring basic devices. It is assumed that other configuration, e.g., preparing the image, mounting in volumes or persistent resources, is done by the caller. Mounts can be made to the chroot (e.g., updating the volumes or persistent resources) and they will propagate in to the container but mounts made inside the container will not propagate out to the host. It currently assumes that at least {{chroot}}/tmp is writeable and that mount points {{chroot}}/{tmp,dev,proc,sys} exist in the chroot. This is specific to Linux. Diffs - src/Makefile.am e7de0f3d1a5efeaef47d5074defe3b40db94f573 src/linux/fs.cpp 568565f878b34708170a886dc4d62849aa01f263 src/slave/containerizer/mesos/launch.hpp 7c8b535746b5ce9add00afef86fdb6faefb5620e src/slave/containerizer/mesos/launch.cpp 2f2d60e2011f60ec711d3b29fd2c157e30c83c34 src/tests/launch_tests.cpp PRE-CREATION Diff: https://reviews.apache.org/r/31444/diff/ Testing --- Manual testing only so far. This is harder to automate because we need a self-contained chroot to execute something in... Suggestions welcome. Thanks, Ian Downes
Re: Review Request 31444: Support chrooting in MesosContainerizer launch helper.
On June 29, 2015, 4:29 p.m., Jiang Yan Xu wrote: src/slave/containerizer/mesos/launch.cpp, lines 64-65 https://reviews.apache.org/r/31444/diff/7/?file=989735#file989735line64 must be relative to is really is interpreted as relative to right? Just wanted be sure clarify: 1) Should the user specify an absolute path with a preceding /? 2) The directory path as observed by processes outside the choot jail is `path::join(rootfs, directory)` right? 1) Yes, absolute path. Added this to the description. 2) Yes. On June 29, 2015, 4:29 p.m., Jiang Yan Xu wrote: src/slave/containerizer/mesos/launch.cpp, lines 259-260 https://reviews.apache.org/r/31444/diff/7/?file=989735#file989735line259 This must be an absolute path As in, if the flags specifies a path without a preceding slash this throws an error? This is not enforced is it? Actually, it's just interpreted relative to the new root since we chdir() after chroot() which will change to /. I clarified the comment. - Ian --- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/31444/#review89425 --- On June 22, 2015, 9:38 a.m., Ian Downes wrote: --- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/31444/ --- (Updated June 22, 2015, 9:38 a.m.) Review request for mesos, Chi Zhang, Dominic Hamon, Jay Buffington, Jie Yu, and James Peach. Bugs: MESOS-2350 https://issues.apache.org/jira/browse/MESOS-2350 Repository: mesos Description --- Optionally take a path that the launch helper should chroot to before exec'ing the executor. It is assumed that the work directory is mounted to the appropriate location under the chroot. In particular, the path to the executor must be relative to the chroot. Configuration that should be private to the chroot is done during the launch, e.g. mounting proc and statically configuring basic devices. It is assumed that other configuration, e.g., preparing the image, mounting in volumes or persistent resources, is done by the caller. Mounts can be made to the chroot (e.g., updating the volumes or persistent resources) and they will propagate in to the container but mounts made inside the container will not propagate out to the host. It currently assumes that at least {{chroot}}/tmp is writeable and that mount points {{chroot}}/{tmp,dev,proc,sys} exist in the chroot. This is specific to Linux. Diffs - src/Makefile.am e7de0f3d1a5efeaef47d5074defe3b40db94f573 src/linux/fs.cpp 568565f878b34708170a886dc4d62849aa01f263 src/slave/containerizer/mesos/launch.hpp 7c8b535746b5ce9add00afef86fdb6faefb5620e src/slave/containerizer/mesos/launch.cpp 2f2d60e2011f60ec711d3b29fd2c157e30c83c34 src/tests/launch_tests.cpp PRE-CREATION Diff: https://reviews.apache.org/r/31444/diff/ Testing --- Manual testing only so far. This is harder to automate because we need a self-contained chroot to execute something in... Suggestions welcome. Thanks, Ian Downes
Re: Review Request 31444: Support chrooting in MesosContainerizer launch helper.
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/31444/#review89425 --- src/slave/containerizer/mesos/launch.cpp (lines 64 - 65) https://reviews.apache.org/r/31444/#comment142621 must be relative to is really is interpreted as relative to right? Just wanted be sure clarify: 1) Should the user specify an absolute path with a preceding /? 2) The directory path as observed by processes outside the choot jail is `path::join(rootfs, directory)` right? src/slave/containerizer/mesos/launch.cpp (lines 259 - 260) https://reviews.apache.org/r/31444/#comment142612 This must be an absolute path As in, if the flags specifies a path without a preceding slash this throws an error? This is not enforced is it? - Jiang Yan Xu On June 22, 2015, 9:38 a.m., Ian Downes wrote: --- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/31444/ --- (Updated June 22, 2015, 9:38 a.m.) Review request for mesos, Chi Zhang, Dominic Hamon, Jay Buffington, Jie Yu, and James Peach. Bugs: MESOS-2350 https://issues.apache.org/jira/browse/MESOS-2350 Repository: mesos Description --- Optionally take a path that the launch helper should chroot to before exec'ing the executor. It is assumed that the work directory is mounted to the appropriate location under the chroot. In particular, the path to the executor must be relative to the chroot. Configuration that should be private to the chroot is done during the launch, e.g. mounting proc and statically configuring basic devices. It is assumed that other configuration, e.g., preparing the image, mounting in volumes or persistent resources, is done by the caller. Mounts can be made to the chroot (e.g., updating the volumes or persistent resources) and they will propagate in to the container but mounts made inside the container will not propagate out to the host. It currently assumes that at least {{chroot}}/tmp is writeable and that mount points {{chroot}}/{tmp,dev,proc,sys} exist in the chroot. This is specific to Linux. Diffs - src/Makefile.am e7de0f3d1a5efeaef47d5074defe3b40db94f573 src/linux/fs.cpp 568565f878b34708170a886dc4d62849aa01f263 src/slave/containerizer/mesos/launch.hpp 7c8b535746b5ce9add00afef86fdb6faefb5620e src/slave/containerizer/mesos/launch.cpp 2f2d60e2011f60ec711d3b29fd2c157e30c83c34 src/tests/launch_tests.cpp PRE-CREATION Diff: https://reviews.apache.org/r/31444/diff/ Testing --- Manual testing only so far. This is harder to automate because we need a self-contained chroot to execute something in... Suggestions welcome. Thanks, Ian Downes
Re: Review Request 31444: Support chrooting in MesosContainerizer launch helper.
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/31444/#review88814 --- src/tests/launch_tests.cpp (lines 118 - 120) https://reviews.apache.org/r/31444/#comment141402 This is not needed? src/tests/launch_tests.cpp (lines 186 - 187) https://reviews.apache.org/r/31444/#comment141404 No snake case please. Also, do you still need this? - Jie Yu On June 22, 2015, 4:38 p.m., Ian Downes wrote: --- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/31444/ --- (Updated June 22, 2015, 4:38 p.m.) Review request for mesos, Chi Zhang, Dominic Hamon, Jay Buffington, Jie Yu, and James Peach. Bugs: MESOS-2350 https://issues.apache.org/jira/browse/MESOS-2350 Repository: mesos Description --- Optionally take a path that the launch helper should chroot to before exec'ing the executor. It is assumed that the work directory is mounted to the appropriate location under the chroot. In particular, the path to the executor must be relative to the chroot. Configuration that should be private to the chroot is done during the launch, e.g. mounting proc and statically configuring basic devices. It is assumed that other configuration, e.g., preparing the image, mounting in volumes or persistent resources, is done by the caller. Mounts can be made to the chroot (e.g., updating the volumes or persistent resources) and they will propagate in to the container but mounts made inside the container will not propagate out to the host. It currently assumes that at least {{chroot}}/tmp is writeable and that mount points {{chroot}}/{tmp,dev,proc,sys} exist in the chroot. This is specific to Linux. Diffs - src/Makefile.am e7de0f3d1a5efeaef47d5074defe3b40db94f573 src/linux/fs.cpp 568565f878b34708170a886dc4d62849aa01f263 src/slave/containerizer/mesos/launch.hpp 7c8b535746b5ce9add00afef86fdb6faefb5620e src/slave/containerizer/mesos/launch.cpp 2f2d60e2011f60ec711d3b29fd2c157e30c83c34 src/tests/launch_tests.cpp PRE-CREATION Diff: https://reviews.apache.org/r/31444/diff/ Testing --- Manual testing only so far. This is harder to automate because we need a self-contained chroot to execute something in... Suggestions welcome. Thanks, Ian Downes
Re: Review Request 31444: Support chrooting in MesosContainerizer launch helper.
On June 19, 2015, 2:06 p.m., Jie Yu wrote: src/tests/launch_tests.cpp, lines 96-101 https://reviews.apache.org/r/31444/diff/6/?file=975951#file975951line96 Can you explain why this is needed? Maybe add a comment or something? If this is not strictly needed, I would remove it because a crash of the test will polute the host mount table. It is needed so I added a comment stating why. I also added code to do a lazy umount for when the test completes or crashes so it wont' pollute the host mount table (though there's a tiny window before the umount). - Ian --- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/31444/#review88581 --- On June 1, 2015, 2:50 p.m., Ian Downes wrote: --- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/31444/ --- (Updated June 1, 2015, 2:50 p.m.) Review request for mesos, Chi Zhang, Dominic Hamon, Jay Buffington, Jie Yu, and James Peach. Bugs: MESOS-2350 https://issues.apache.org/jira/browse/MESOS-2350 Repository: mesos Description --- Optionally take a path that the launch helper should chroot to before exec'ing the executor. It is assumed that the work directory is mounted to the appropriate location under the chroot. In particular, the path to the executor must be relative to the chroot. Configuration that should be private to the chroot is done during the launch, e.g. mounting proc and statically configuring basic devices. It is assumed that other configuration, e.g., preparing the image, mounting in volumes or persistent resources, is done by the caller. Mounts can be made to the chroot (e.g., updating the volumes or persistent resources) and they will propagate in to the container but mounts made inside the container will not propagate out to the host. It currently assumes that at least {{chroot}}/tmp is writeable and that mount points {{chroot}}/{tmp,dev,proc,sys} exist in the chroot. This is specific to Linux. Diffs - src/Makefile.am a5a7306b1ef65ca2b643653779ab76c26dbb5c90 src/linux/fs.cpp 1c9cf3f2ffead37148e4f6a81cefdbb97f679b09 src/slave/containerizer/mesos/launch.hpp 7c8b535746b5ce9add00afef86fdb6faefb5620e src/slave/containerizer/mesos/launch.cpp 2f2d60e2011f60ec711d3b29fd2c157e30c83c34 src/tests/launch_tests.cpp PRE-CREATION Diff: https://reviews.apache.org/r/31444/diff/ Testing --- Manual testing only so far. This is harder to automate because we need a self-contained chroot to execute something in... Suggestions welcome. Thanks, Ian Downes
Re: Review Request 31444: Support chrooting in MesosContainerizer launch helper.
On June 4, 2015, 11:32 a.m., Chi Zhang wrote: src/tests/launch_tests.cpp, line 91 https://reviews.apache.org/r/31444/diff/6/?file=975951#file975951line91 for discussion: this requires these directories not existent in rootfs. should we specify requirements for the structure under rootfs? It's building a new chroot environment so the directories definitely don't exist. - Ian --- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/31444/#review86675 --- On June 1, 2015, 2:50 p.m., Ian Downes wrote: --- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/31444/ --- (Updated June 1, 2015, 2:50 p.m.) Review request for mesos, Chi Zhang, Dominic Hamon, Jay Buffington, Jie Yu, and James Peach. Bugs: MESOS-2350 https://issues.apache.org/jira/browse/MESOS-2350 Repository: mesos Description --- Optionally take a path that the launch helper should chroot to before exec'ing the executor. It is assumed that the work directory is mounted to the appropriate location under the chroot. In particular, the path to the executor must be relative to the chroot. Configuration that should be private to the chroot is done during the launch, e.g. mounting proc and statically configuring basic devices. It is assumed that other configuration, e.g., preparing the image, mounting in volumes or persistent resources, is done by the caller. Mounts can be made to the chroot (e.g., updating the volumes or persistent resources) and they will propagate in to the container but mounts made inside the container will not propagate out to the host. It currently assumes that at least {{chroot}}/tmp is writeable and that mount points {{chroot}}/{tmp,dev,proc,sys} exist in the chroot. This is specific to Linux. Diffs - src/Makefile.am a5a7306b1ef65ca2b643653779ab76c26dbb5c90 src/linux/fs.cpp 1c9cf3f2ffead37148e4f6a81cefdbb97f679b09 src/slave/containerizer/mesos/launch.hpp 7c8b535746b5ce9add00afef86fdb6faefb5620e src/slave/containerizer/mesos/launch.cpp 2f2d60e2011f60ec711d3b29fd2c157e30c83c34 src/tests/launch_tests.cpp PRE-CREATION Diff: https://reviews.apache.org/r/31444/diff/ Testing --- Manual testing only so far. This is harder to automate because we need a self-contained chroot to execute something in... Suggestions welcome. Thanks, Ian Downes
Re: Review Request 31444: Support chrooting in MesosContainerizer launch helper.
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/31444/#review86675 --- src/slave/containerizer/mesos/launch.cpp https://reviews.apache.org/r/31444/#comment138738 s/it/this/ ? src/slave/containerizer/mesos/launch.cpp https://reviews.apache.org/r/31444/#comment138742 if a container root filesystem is user? src/tests/launch_tests.cpp https://reviews.apache.org/r/31444/#comment138746 check since it requires absolute path? src/tests/launch_tests.cpp https://reviews.apache.org/r/31444/#comment138747 for discussion: this requires these directories not existent in rootfs. should we specify requirements for the structure under rootfs? src/tests/launch_tests.cpp https://reviews.apache.org/r/31444/#comment138749 nit: Construct and Use LGTM - Chi Zhang On June 1, 2015, 9:50 p.m., Ian Downes wrote: --- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/31444/ --- (Updated June 1, 2015, 9:50 p.m.) Review request for mesos, Chi Zhang, Dominic Hamon, Jay Buffington, Jie Yu, and James Peach. Bugs: MESOS-2350 https://issues.apache.org/jira/browse/MESOS-2350 Repository: mesos Description --- Optionally take a path that the launch helper should chroot to before exec'ing the executor. It is assumed that the work directory is mounted to the appropriate location under the chroot. In particular, the path to the executor must be relative to the chroot. Configuration that should be private to the chroot is done during the launch, e.g. mounting proc and statically configuring basic devices. It is assumed that other configuration, e.g., preparing the image, mounting in volumes or persistent resources, is done by the caller. Mounts can be made to the chroot (e.g., updating the volumes or persistent resources) and they will propagate in to the container but mounts made inside the container will not propagate out to the host. It currently assumes that at least {{chroot}}/tmp is writeable and that mount points {{chroot}}/{tmp,dev,proc,sys} exist in the chroot. This is specific to Linux. Diffs - src/Makefile.am a5a7306b1ef65ca2b643653779ab76c26dbb5c90 src/linux/fs.cpp 1c9cf3f2ffead37148e4f6a81cefdbb97f679b09 src/slave/containerizer/mesos/launch.hpp 7c8b535746b5ce9add00afef86fdb6faefb5620e src/slave/containerizer/mesos/launch.cpp 2f2d60e2011f60ec711d3b29fd2c157e30c83c34 src/tests/launch_tests.cpp PRE-CREATION Diff: https://reviews.apache.org/r/31444/diff/ Testing --- Manual testing only so far. This is harder to automate because we need a self-contained chroot to execute something in... Suggestions welcome. Thanks, Ian Downes
Re: Review Request 31444: Support chrooting in MesosContainerizer launch helper.
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/31444/#review86122 --- Patch looks great! Reviews applied: [32891, 32978, 31444] All tests passed. - Mesos ReviewBot On June 1, 2015, 9:50 p.m., Ian Downes wrote: --- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/31444/ --- (Updated June 1, 2015, 9:50 p.m.) Review request for mesos, Chi Zhang, Dominic Hamon, Jay Buffington, Jie Yu, and James Peach. Bugs: MESOS-2350 https://issues.apache.org/jira/browse/MESOS-2350 Repository: mesos Description --- Optionally take a path that the launch helper should chroot to before exec'ing the executor. It is assumed that the work directory is mounted to the appropriate location under the chroot. In particular, the path to the executor must be relative to the chroot. Configuration that should be private to the chroot is done during the launch, e.g. mounting proc and statically configuring basic devices. It is assumed that other configuration, e.g., preparing the image, mounting in volumes or persistent resources, is done by the caller. Mounts can be made to the chroot (e.g., updating the volumes or persistent resources) and they will propagate in to the container but mounts made inside the container will not propagate out to the host. It currently assumes that at least {{chroot}}/tmp is writeable and that mount points {{chroot}}/{tmp,dev,proc,sys} exist in the chroot. This is specific to Linux. Diffs - src/Makefile.am a5a7306b1ef65ca2b643653779ab76c26dbb5c90 src/linux/fs.cpp 1c9cf3f2ffead37148e4f6a81cefdbb97f679b09 src/slave/containerizer/mesos/launch.hpp 7c8b535746b5ce9add00afef86fdb6faefb5620e src/slave/containerizer/mesos/launch.cpp 2f2d60e2011f60ec711d3b29fd2c157e30c83c34 src/tests/launch_tests.cpp PRE-CREATION Diff: https://reviews.apache.org/r/31444/diff/ Testing --- Manual testing only so far. This is harder to automate because we need a self-contained chroot to execute something in... Suggestions welcome. Thanks, Ian Downes
Re: Review Request 31444: Support chrooting in MesosContainerizer launch helper.
On April 13, 2015, 3:49 p.m., Jie Yu wrote: src/tests/launch_tests.cpp, lines 109-110 https://reviews.apache.org/r/31444/diff/4/?file=920907#file920907line109 Why slave mount? Shouldn't this be a SHARED mount? No, we want this as a slave mount, i.e., no back propagation. - Ian --- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/31444/#review79948 --- On May 12, 2015, 5:22 p.m., Ian Downes wrote: --- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/31444/ --- (Updated May 12, 2015, 5:22 p.m.) Review request for mesos, Chi Zhang, Dominic Hamon, Jay Buffington, Jie Yu, and James Peach. Bugs: MESOS-2350 https://issues.apache.org/jira/browse/MESOS-2350 Repository: mesos Description --- Optionally take a path that the launch helper should chroot to before exec'ing the executor. It is assumed that the work directory is mounted to the appropriate location under the chroot. In particular, the path to the executor must be relative to the chroot. Configuration that should be private to the chroot is done during the launch, e.g. mounting proc and statically configuring basic devices. It is assumed that other configuration, e.g., preparing the image, mounting in volumes or persistent resources, is done by the caller. Mounts can be made to the chroot (e.g., updating the volumes or persistent resources) and they will propagate in to the container but mounts made inside the container will not propagate out to the host. It currently assumes that at least {{chroot}}/tmp is writeable and that mount points {{chroot}}/{tmp,dev,proc,sys} exist in the chroot. This is specific to Linux. Diffs - src/Makefile.am 14bc976a7b6a656fb58085484d25c3de3cf0f693 src/linux/fs.cpp 1c9cf3f2ffead37148e4f6a81cefdbb97f679b09 src/slave/containerizer/mesos/launch.hpp 7c8b535746b5ce9add00afef86fdb6faefb5620e src/slave/containerizer/mesos/launch.cpp 2f2d60e2011f60ec711d3b29fd2c157e30c83c34 src/tests/launch_tests.cpp PRE-CREATION Diff: https://reviews.apache.org/r/31444/diff/ Testing --- Manual testing only so far. This is harder to automate because we need a self-contained chroot to execute something in... Suggestions welcome. Thanks, Ian Downes
Re: Review Request 31444: Support chrooting in MesosContainerizer launch helper.
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/31444/ --- (Updated May 12, 2015, 5:22 p.m.) Review request for mesos, Chi Zhang, Dominic Hamon, Jay Buffington, Jie Yu, and James Peach. Bugs: MESOS-2350 https://issues.apache.org/jira/browse/MESOS-2350 Repository: mesos Description --- Optionally take a path that the launch helper should chroot to before exec'ing the executor. It is assumed that the work directory is mounted to the appropriate location under the chroot. In particular, the path to the executor must be relative to the chroot. Configuration that should be private to the chroot is done during the launch, e.g. mounting proc and statically configuring basic devices. It is assumed that other configuration, e.g., preparing the image, mounting in volumes or persistent resources, is done by the caller. Mounts can be made to the chroot (e.g., updating the volumes or persistent resources) and they will propagate in to the container but mounts made inside the container will not propagate out to the host. It currently assumes that at least {{chroot}}/tmp is writeable and that mount points {{chroot}}/{tmp,dev,proc,sys} exist in the chroot. This is specific to Linux. Diffs (updated) - src/Makefile.am 14bc976a7b6a656fb58085484d25c3de3cf0f693 src/linux/fs.cpp 1c9cf3f2ffead37148e4f6a81cefdbb97f679b09 src/slave/containerizer/mesos/launch.hpp 7c8b535746b5ce9add00afef86fdb6faefb5620e src/slave/containerizer/mesos/launch.cpp 2f2d60e2011f60ec711d3b29fd2c157e30c83c34 src/tests/launch_tests.cpp PRE-CREATION Diff: https://reviews.apache.org/r/31444/diff/ Testing --- Manual testing only so far. This is harder to automate because we need a self-contained chroot to execute something in... Suggestions welcome. Thanks, Ian Downes
Re: Review Request 31444: Support chrooting in MesosContainerizer launch helper.
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/31444/#review83553 --- Patch looks great! Reviews applied: [32891, 32978, 31444] All tests passed. - Mesos ReviewBot On May 13, 2015, 12:22 a.m., Ian Downes wrote: --- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/31444/ --- (Updated May 13, 2015, 12:22 a.m.) Review request for mesos, Chi Zhang, Dominic Hamon, Jay Buffington, Jie Yu, and James Peach. Bugs: MESOS-2350 https://issues.apache.org/jira/browse/MESOS-2350 Repository: mesos Description --- Optionally take a path that the launch helper should chroot to before exec'ing the executor. It is assumed that the work directory is mounted to the appropriate location under the chroot. In particular, the path to the executor must be relative to the chroot. Configuration that should be private to the chroot is done during the launch, e.g. mounting proc and statically configuring basic devices. It is assumed that other configuration, e.g., preparing the image, mounting in volumes or persistent resources, is done by the caller. Mounts can be made to the chroot (e.g., updating the volumes or persistent resources) and they will propagate in to the container but mounts made inside the container will not propagate out to the host. It currently assumes that at least {{chroot}}/tmp is writeable and that mount points {{chroot}}/{tmp,dev,proc,sys} exist in the chroot. This is specific to Linux. Diffs - src/Makefile.am 14bc976a7b6a656fb58085484d25c3de3cf0f693 src/linux/fs.cpp 1c9cf3f2ffead37148e4f6a81cefdbb97f679b09 src/slave/containerizer/mesos/launch.hpp 7c8b535746b5ce9add00afef86fdb6faefb5620e src/slave/containerizer/mesos/launch.cpp 2f2d60e2011f60ec711d3b29fd2c157e30c83c34 src/tests/launch_tests.cpp PRE-CREATION Diff: https://reviews.apache.org/r/31444/diff/ Testing --- Manual testing only so far. This is harder to automate because we need a self-contained chroot to execute something in... Suggestions welcome. Thanks, Ian Downes