In addition to cpu and memory isolation, you will get process isolation. With posix isolation, processes can "escape" from the slave (e.g. something that double-forks and uses setsid).
On Mon, Jun 9, 2014 at 9:02 AM, Jie Yu <[email protected]> wrote:
> Hi Dick,
>
>> what cgroup isolation provides over stock posix / process isolation
>
> Currently, mesos provides cpu and memory isolation through cgroups on
> Linux boxes '--isolation=cgroups/cpu,cgroups/mem'
>
> the configuration required to set up cgroups
>
> If no other service on the host uses cgroup (no cgroup subsystems being
> mounted), then it should be pretty simple because mesos will mount
> corresponding subsystems for you. You can choose the root hierarchy using
> the following slave flag:
>
> add(&Flags::cgroups_hierarchy,
>     "cgroups_hierarchy",
>     "The path to the cgroups hierarchy root\n",
>     "/sys/fs/cgroup");
>
> If some services on the host are using cgroup (e.g., systemd), then it
> depends on how cgroups are mounted.
>
> - Jie
>
> On Mon, Jun 9, 2014 at 3:09 AM, Dick Davies <[email protected]>
> wrote:
>
>> So we're running with default isolation (posix)
>> and thinking about enabling cgroups (mesos 0.17.0
>> right now but the upgrade to 0.18.2 was seamless
>> in dev. so that'll probably happen too).
>>
>> I just need to justify the effort and extra complexity,
>> so can someone explain briefly
>>
>> * what cgroup isolation provides over stock posix / process isolation
>> * the configuration required to set up cgroups
>>
>> Thanks!
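
The "escape" described in the reply at the top of this thread, as an added example that is not part of the original messages and is not Mesos code: on Linux a process keeps its cgroup membership across fork and setsid, so a daemonized child that drops out of the parent/session view is still listed in the task's cgroup. The /proc snapshots, PIDs and the cgroup path `/mesos/container-A` are constructed sample values.

```python
# Constructed /proc snapshots for four processes (sample data, not from a real host).
# The cgroup path /mesos/container-A is an assumed name for the task's cgroup.
SAMPLE = {
    100: ("100 (executor) S 50 100 100 0 -1 4194304",
          "4:memory:/mesos/container-A\n3:cpu,cpuacct:/mesos/container-A\n"),
    101: ("101 (task) S 100 100 100 0 -1 4194304",
          "4:memory:/mesos/container-A\n3:cpu,cpuacct:/mesos/container-A\n"),
    # Double-forked and setsid'd: reparented to init (ppid 1), new session 204.
    205: ("205 (worker (d)) S 1 204 204 0 -1 4194368",
          "4:memory:/mesos/container-A\n3:cpu,cpuacct:/mesos/container-A\n"),
    300: ("300 (sshd) S 1 300 300 0 -1 4194560", "4:memory:/\n3:cpu,cpuacct:/\n"),
}

def parse_stat(line):
    """Return (pid, ppid, session) from a /proc/<pid>/stat line."""
    pid, rest = line.split(" ", 1)
    # comm may contain spaces and ')', so split after the last ')'.
    fields = rest[rest.rindex(")") + 2:].split()
    return int(pid), int(fields[1]), int(fields[3])  # state, ppid, pgrp, session

def parse_cgroup(text, controller):
    """Return the cgroup path for one controller from /proc/<pid>/cgroup (v1 format)."""
    for line in text.splitlines():
        _, controllers, path = line.split(":", 2)
        if controller in controllers.split(","):
            return path
    return None

def tree_members(sample, root):
    """PIDs reachable from root by parent links or shared session (process-based view)."""
    procs = {p: parse_stat(s)[1:] for p, (s, _) in sample.items()}
    found, grew = {root}, True
    while grew:
        grew = False
        for pid, (ppid, sid) in procs.items():
            if pid not in found and (ppid in found or sid == procs[root][1]):
                found.add(pid)
                grew = True
    return found

def cgroup_members(sample, path, controller="memory"):
    """PIDs whose cgroup for the controller is path (cgroup-based view)."""
    return {p for p, (_, cg) in sample.items() if parse_cgroup(cg, controller) == path}

def escaped(sample, root, path):
    """PIDs still charged to the cgroup that process-tree tracking no longer sees."""
    return cgroup_members(sample, path) - tree_members(sample, root)

if __name__ == "__main__":
    print(sorted(escaped(SAMPLE, 100, "/mesos/container-A")))
```

On a live host the same two parsers can be pointed at the real `/proc/<pid>/stat` and `/proc/<pid>/cgroup` files to audit which processes a task has left behind.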

