[ https://issues.apache.org/jira/browse/MESOS-8037?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16184801#comment-16184801 ]
Andrei Budnik commented on MESOS-8037:
--------------------------------------

Health checks use their own procedure to enter namespaces, see
https://github.com/apache/mesos/blob/7b79d8d4fb47aca05d28033f34a1f6b75dcfbe87/src/checks/checker_process.cpp#L103-L139

Health checks can't enter a PID namespace. Also, the user (client code) of health checks should pass a list of namespaces in a specific order, because the order we enter namespaces is important.
To solve these problems we could use {{ns::clone}}, but it returns a pid of a process, which is not our child, thus we can't get its return code which is needed for health checks.

Also, this feature can be used somehow in the Mesos containerizer, e.g. for logging status of an exited process:
https://github.com/apache/mesos/blob/7b79d8d4fb47aca05d28033f34a1f6b75dcfbe87/src/slave/containerizer/mesos/linux_launcher.cpp#L480

> ns::clone should spawn process, which is a direct child
> -------------------------------------------------------
>
>                 Key: MESOS-8037
>                 URL: https://issues.apache.org/jira/browse/MESOS-8037
>             Project: Mesos
>          Issue Type: Improvement
>            Reporter: Andrei Budnik
>
> `ns::clone` does a double-fork in order to be able to enter a given PID namespace
> and returns the grandchild's pid, which is not a direct child of a parent
> process, hence the parent process cannot retrieve the status of an exited grandchild
> process.
> As the second fork is implemented via `os::clone`, we can pass the `CLONE_PARENT`
> flag. Also, we have to handle both the intermediate child process and the grandchild
> process to avoid zombies.
> The motivation behind this improvement is that both `docker exec` and `LXC
> attach` can enter a process's PID namespace, while still controlling the child's
> status code.

--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
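The double-fork with `CLONE_PARENT` described in the issue, as an added example that is not part of the original message and is not Mesos code. It does not enter any namespace; `spawn_and_reap` is a hypothetical helper that shows only the parent/child relationship and the reaping of both processes on Linux.

```c
#include <linux/sched.h>   /* CLONE_PARENT */
#include <signal.h>
#include <stdio.h>
#include <sys/syscall.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical helper (not Mesos code): create a grandchild through an
 * intermediate child and return the grandchild's exit status, or -1.
 * The raw clone syscall with a NULL stack behaves like fork(); the flags
 * argument comes first on x86-64 and arm64. */
int spawn_and_reap(int exit_code, unsigned long extra_flags) {
    int fds[2], status;
    if (pipe(fds) != 0) return -1;
    pid_t mid = fork();
    if (mid < 0) { close(fds[0]); close(fds[1]); return -1; }
    if (mid == 0) {
        /* Intermediate child: real code would setns() into the target
         * namespaces here, before the second fork. */
        pid_t gc = (pid_t)syscall(SYS_clone, extra_flags | SIGCHLD,
                                  0UL, 0UL, 0UL, 0UL);
        if (gc == 0) _exit(exit_code);              /* grandchild */
        ssize_t w = write(fds[1], &gc, sizeof(gc)); /* report pid upward */
        _exit(gc > 0 && w == (ssize_t)sizeof(gc) ? 0 : 1);
    }
    close(fds[1]);
    pid_t gc = -1;
    ssize_t r = read(fds[0], &gc, sizeof(gc));
    close(fds[0]);
    /* Reap the intermediate child so it does not remain a zombie. */
    if (waitpid(mid, &status, 0) != mid) return -1;
    if (r != (ssize_t)sizeof(gc) || gc <= 0) return -1;
    /* Succeeds only when the grandchild is our own child, i.e. it was
     * created with CLONE_PARENT. Without the flag the orphan is reparented
     * to init (or a subreaper) and waitpid() normally fails with ECHILD. */
    if (waitpid(gc, &status, 0) != gc) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void) {
    printf("with CLONE_PARENT:    %d\n", spawn_and_reap(42, CLONE_PARENT));
    printf("without CLONE_PARENT: %d\n", spawn_and_reap(42, 0));
    return 0;
}
```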