[ https://issues.apache.org/jira/browse/AURORA-1755?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15441991#comment-15441991 ]
Joshua Cohen commented on AURORA-1755:
--------------------------------------

This seems strange to me. I've confirmed that the mount namespace *is* different for the host and the running executor:

From the host:
{noformat}
$ stat /proc/self/ns/mnt
  File: ‘/proc/self/ns/mnt’ -> ‘mnt:[4026531840]’
  Size: 0 Blocks: 0 IO Block: 1024 symbolic link
Device: 3h/3d Inode: 857041 Links: 1
Access: (0777/lrwxrwxrwx) Uid: ( 1000/ vagrant) Gid: ( 1000/ vagrant)
Access: 2016-08-27 17:36:10.392088064 +0000
Modify: 2016-08-27 17:36:10.392088064 +0000
Change: 2016-08-27 17:36:10.392088064 +0000
 Birth: -
{noformat}

From the executor before it does any mounting:
{noformat}
  File: '/proc/self/ns/mnt' -> 'mnt:[4026532188]'
  Size: 0 Blocks: 0 IO Block: 1024 symbolic link
Device: 3h/3d Inode: 855981 Links: 1
Access: (0777/lrwxrwxrwx) Uid: ( 0/ root) Gid: ( 0/ root)
Access: 2016-08-27 17:31:15.252090817 +0000
Modify: 2016-08-27 17:31:15.252090817 +0000
Change: 2016-08-27 17:31:15.252090817 +0000
 Birth: -
{noformat}

And from a process in the task (i.e. something launched by mesos-containerizer in the isolated filesystem):
{noformat}
  File: '/proc/self/ns/mnt' -> 'mnt:[4026532189]'
  Size: 0 Blocks: 0 IO Block: 1024 symbolic link
Device: 3h/3d Inode: 856914 Links: 1
Access: (0777/lrwxrwxrwx) Uid: ( 1000/ vagrant) Gid: ( 1000/ vagrant)
Access: 2016-08-27 17:31:19.140090780 +0000
Modify: 2016-08-27 17:31:19.140090780 +0000
Change: 2016-08-27 17:31:19.140090780 +0000
 Birth: -
{noformat}

The value in the brackets after 'mnt' is the namespace, so on the host it's 4026531840, for the executor it's 4026532188 and for the launched process it's: 4026532189

> Mounts created by executor when using filesystem isolation are leaking to the host filesystem's mtab
> ----------------------------------------------------------------------------------------------------
>
>                 Key: AURORA-1755
>                 URL: https://issues.apache.org/jira/browse/AURORA-1755
>             Project: Aurora
>          Issue Type: Bug
>          Components: Executor
>            Reporter: Joshua Cohen
>
> {noformat}
> $ cat /etc/mtab |grep /var/lib/mesos |wc -l
> 432
> {noformat}
> In theory this should not be happening, because the executor should be running in its own mount namespace. In practice... something is awry. Should talk to Mesos folks to see what's going on, but we have a few easy solutions regardless:
> add the -n flag to the mount command to not create the mtab entry.
> run the mount commands through mesos-containerizer launch's --pre-exec which will create the mount in the isolated filesystem's namespace.

--
This message was sent by Atlassian JIRA (v6.3.4#6332)
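
The two checks discussed in this message, as an added example that is not part of the original email or of Aurora or Mesos code: it reads the namespace ID out of a `/proc/<pid>/ns/mnt` link target and lists `/etc/mtab` entries that the kernel's mount table for the current namespace does not contain. The sample mtab and mountinfo text and the `run-a` paths are constructed for illustration.

```python
import re

NS_LINK = re.compile(r"^mnt:\[(\d+)\]$")

def mnt_ns_id(link_target):
    """Namespace inode number from a /proc/<pid>/ns/mnt link target."""
    m = NS_LINK.match(link_target)
    if m is None:
        raise ValueError(f"not a mount-namespace link: {link_target!r}")
    return int(m.group(1))

def unescape(field):
    """Decode the octal escapes mtab and mountinfo use for spaces, tabs, etc."""
    return re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), field)

def mount_points(text, index):
    """Mount-point column of mtab (index 1) or mountinfo (index 4) text."""
    rows = (line.split() for line in text.splitlines())
    return [unescape(r[index]) for r in rows if len(r) > index]

def stale_mtab_entries(mtab_text, mountinfo_text, prefix):
    """mtab mount points under prefix that the kernel does not list as mounted."""
    live = set(mount_points(mountinfo_text, 4))
    base = prefix.rstrip("/") + "/"
    return [p for p in mount_points(mtab_text, 1)
            if (p == prefix or p.startswith(base)) and p not in live]

# Constructed sample data: the run-a paths are made up for illustration.
SAMPLE_MTAB = """\
/dev/sda1 / ext4 rw 0 0
proc /proc proc rw 0 0
/dev /var/lib/mesos/run-a/taskfs/dev none rw,bind 0 0
/proc /var/lib/mesos/run-a/taskfs/proc none rw,bind 0 0
"""
SAMPLE_MOUNTINFO = """\
21 0 8:1 / / rw,relatime shared:1 - ext4 /dev/sda1 rw
22 21 0:4 / /proc rw,relatime shared:2 - proc proc rw
"""

if __name__ == "__main__":
    # Link targets as quoted in the comment above.
    host, executor = mnt_ns_id("mnt:[4026531840]"), mnt_ns_id("mnt:[4026532188]")
    print("executor isolated from host:", host != executor)
    for path in stale_mtab_entries(SAMPLE_MTAB, SAMPLE_MOUNTINFO, "/var/lib/mesos"):
        print("in mtab but not mounted in this namespace:", path)
```

On a live host the inputs are `os.readlink("/proc/self/ns/mnt")`, `/etc/mtab` and `/proc/self/mountinfo`. Where `/etc/mtab` is a symlink to `/proc/self/mounts` the two views cannot diverge and the result is always empty.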