[
https://issues.apache.org/jira/browse/AURORA-1755?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15442057#comment-15442057
]
Ian Downes commented on AURORA-1755:
------------------------------------
Mounts in different namespaces can be "shared", "private", or "slave" (also
"unbindable"). In this case I believe they are shared mounts so they're also
visible in the parent mount namespace, i.e., the host's namespace. They might
also be slave mounts but I don't have the code in front of me to check. See the
kernel
[documentation|https://www.kernel.org/doc/Documentation/filesystems/sharedsubtree.txt]
for all the gory details.
> Mounts created by executor when using filesystem isolation are leaking to the
> host filesystem's mtab
> ----------------------------------------------------------------------------------------------------
>
> Key: AURORA-1755
> URL: https://issues.apache.org/jira/browse/AURORA-1755
> Project: Aurora
> Issue Type: Bug
> Components: Executor
> Reporter: Joshua Cohen
>
> {noformat}
> $ cat /etc/mtab |grep /var/lib/mesos |wc -l
> 432
> {noformat}
> In theory this should not be happening, because the executor should be
> running in its own mount namespace. In practice... something is awry. Should
> talk to Mesos folks to see what's going on, but we have a few easy solutions
> regardless:
> add the -n flag to the mount command to not create the mtab entry.
> run the mount commands through mesos-containerizer launch's --pre-exec which
> will create the mount in the isolated fileystem's namespace.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
