[ https://issues.apache.org/jira/browse/MESOS-9529?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jie Yu reassigned MESOS-9529:
-----------------------------

    Assignee: Jie Yu

> `/proc` should be remounted even if a nested container set 
> `share_pid_namespace` to true
> ----------------------------------------------------------------------------------------
>
>                 Key: MESOS-9529
>                 URL: https://issues.apache.org/jira/browse/MESOS-9529
>             Project: Mesos
>          Issue Type: Bug
>          Components: containerization
>    Affects Versions: 1.4.2, 1.5.2, 1.6.2, 1.7.1
>            Reporter: Jie Yu
>            Assignee: Jie Yu
>            Priority: Critical
>
> Currently, if a nested container wants to share the pid namespace of its 
> parent container, we allow the framework to set 
> `LinuxInfo.share_pid_namespace`.
> If the nested container does not have its own rootfs (i.e., using the host 
> rootfs), the `/proc` is not re-mounted:
> https://github.com/apache/mesos/blob/1.7.x/src/slave/containerizer/mesos/isolators/namespaces/pid.cpp#L120-L126
> This is problematic because the nested container will fork the host's mount 
> namespace, and thus inherit the `/proc` there. As a result, the `/proc/<pid>` 
> entries are still for the host pid namespace. The pid namespace of the parent 
> container might be different than that of the host pid namespace.
> As a result, `ps aux` in the nested container will show all process 
> information on the host pid namespace, although the pid namespace of the 
> nested container is different than that of the host.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
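
An added example, not part of the issue or of the Mesos code base: a check a process can run inside a container to tell whether the `/proc` it sees belongs to its own pid namespace, which is the mismatch the report describes. It relies on the Linux behaviour that `/proc/self` resolves to the caller's pid as numbered in the pid namespace of that procfs mount; the function and enum names are hypothetical.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

enum proc_view { PROC_MATCH, PROC_FOREIGN_PIDNS, PROC_UNREADABLE };

/* Classify a /proc/self link target against the caller's own pid.
 * target == NULL means readlink() failed: procfs is absent, or the caller
 * is not visible in the pid namespace the procfs instance belongs to. */
enum proc_view classify_proc_self(const char *target, pid_t self)
{
    char *end;
    long pid;

    if (target == NULL || *target == '\0')
        return PROC_UNREADABLE;
    errno = 0;
    pid = strtol(target, &end, 10);
    if (errno != 0 || *end != '\0' || pid <= 0)
        return PROC_UNREADABLE;
    /* Equal: procfs was mounted for our pid namespace. Different: it was
     * inherited from another namespace and shows that namespace's pids. */
    return pid == (long)self ? PROC_MATCH : PROC_FOREIGN_PIDNS;
}

/* Read <procdir>/self and compare it with getpid(). */
enum proc_view check_proc_mount(const char *procdir)
{
    char path[256], target[32];
    int len = snprintf(path, sizeof path, "%s/self", procdir);
    ssize_t n;

    if (len < 0 || (size_t)len >= sizeof path)
        return PROC_UNREADABLE;
    n = readlink(path, target, sizeof target - 1);
    if (n < 0)
        return classify_proc_self(NULL, getpid());
    target[n] = '\0';
    return classify_proc_self(target, getpid());
}

int main(void)
{
    static const char *names[] = { "matches this pid namespace",
        "belongs to a different pid namespace (remount needed)",
        "is unreadable, or the caller is not visible in it" };
    printf("/proc %s\n", names[check_proc_mount("/proc")]);
    return 0;
}
```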
