[ https://issues.apache.org/jira/browse/AURORA-1755?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15442057#comment-15442057 ]
Ian Downes commented on AURORA-1755: ------------------------------------ Mounts in different namespaces can be "shared", "private", or "slave" (also "unbindable"). In this case I believe they are shared mounts so they're also visible in the parent mount namespace, i.e., the host's namespace. They might also be slave mounts but I don't have the code in front of me to check. See the kernel [documentation|https://www.kernel.org/doc/Documentation/filesystems/sharedsubtree.txt] for all the gory details. > Mounts created by executor when using filesystem isolation are leaking to the > host filesystem's mtab > ---------------------------------------------------------------------------------------------------- > > Key: AURORA-1755 > URL: https://issues.apache.org/jira/browse/AURORA-1755 > Project: Aurora > Issue Type: Bug > Components: Executor > Reporter: Joshua Cohen > > {noformat} > $ cat /etc/mtab |grep /var/lib/mesos |wc -l > 432 > {noformat} > In theory this should not be happening, because the executor should be > running in its own mount namespace. In practice... something is awry. Should > talk to Mesos folks to see what's going on, but we have a few easy solutions > regardless: > add the -n flag to the mount command to not create the mtab entry. > run the mount commands through mesos-containerizer launch's --pre-exec which > will create the mount in the isolated fileystem's namespace. -- This message was sent by Atlassian JIRA (v6.3.4#6332)