Re: Review Request 25865: Pid namespace isolator for the MesosContainerizer.

Fri, 03 Oct 2014 11:26:18 -0700 


> On Sept. 25, 2014, 6:17 p.m., Vinod Kone wrote:
> > src/slave/containerizer/isolators/namespaces/pid.hpp, line 28
> > <https://reviews.apache.org/r/25865/diff/2/?file=703446#file703446line28>
> >
> >     s/NamespacesPid/PidNamespace/ ?

I'm following the convention set by Cgroups{Mem,Cpu}IsolatorProcess. If it's 
too clumsy I'll rename it?


> On Sept. 25, 2014, 6:17 p.m., Vinod Kone wrote:
> > src/slave/containerizer/isolators/namespaces/pid.cpp, line 87
> > <https://reviews.apache.org/r/25865/diff/2/?file=703447#file703447line87>
> >
> >     Who is calling this method?

Used by the launcher to determine if it can kill pid 1 and wait for the kernel 
to kill others.


> On Sept. 25, 2014, 6:17 p.m., Vinod Kone wrote:
> > src/slave/containerizer/linux_launcher.cpp, line 362
> > <https://reviews.apache.org/r/25865/diff/2/?file=703448#file703448line362>
> >
> >     why is this pulled out?

Because it's used in the block below and I want to remove it in only place in 
the code rather than before each return.


- Ian


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/25865/#review54637
-----------------------------------------------------------


On Oct. 2, 2014, 11:23 a.m., Ian Downes wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/25865/
> -----------------------------------------------------------
> 
> (Updated Oct. 2, 2014, 11:23 a.m.)
> 
> 
> Review request for mesos, Jie Yu and Vinod Kone.
> 
> 
> Repository: mesos-git
> 
> 
> Description
> -------
> 
> Add namespaces/pid to --isolation slave flag. Places executor into a pid 
> namespace so it and all descendants will be contained in the namespace. 
> Requires the filesystem/shared isolator so /proc and /sys are remounted to 
> reflect the different namespace.
> 
> 
> Diffs
> -----
> 
>   src/Makefile.am 27c42dfde45a449750132e416b4eaf776f8c5e3b 
>   src/slave/containerizer/isolators/filesystem/shared.cpp PRE-CREATION 
>   src/slave/containerizer/isolators/namespaces/pid.hpp PRE-CREATION 
>   src/slave/containerizer/isolators/namespaces/pid.cpp PRE-CREATION 
>   src/slave/containerizer/linux_launcher.cpp 
> f7bc894830a7ca3f55465dacc7b653cdc2d7758b 
>   src/slave/containerizer/mesos/containerizer.cpp 
> 9d083294caa5c5a47ba3ceaa1b57346144cb795c 
>   src/tests/isolator_tests.cpp c38f87632cb6984543cb3767dbd656cde7459610 
> 
> Diff: https://reviews.apache.org/r/25865/diff/
> 
> 
> Testing
> -------
> 
> Added test that command in pid namespaced container is in a different 
> namespace and that the command is 'init' (verifies remount of /proc).
> 
> 
> Thanks,
> 
> Ian Downes
> 
>

Reply via email to