[ https://issues.apache.org/jira/browse/MESOS-9769?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16861582#comment-16861582 ]
Gilbert Song commented on MESOS-9769:
-------------------------------------

commit 1961e41a61def2b7baca7563c0b7e1855880b55c
Author: Qian Zhang <zhq527...@gmail.com>
Date:   Tue Jun 11 15:50:47 2019 -0700

    Improved container-specific cgroups test by checking `cpu.shares`.

    This is to ensure the symbolic links (see below as an example) we
    create for the container exist.

      ln -s /sys/fs/cgroup/cpu,cpuacct /sys/fs/cgroup/cpu

    Review: https://reviews.apache.org/r/70827/

commit f24c54e85e08bc9c8b118cce29ad487661a0ffc6
Author: Qian Zhang <zhq527...@gmail.com>
Date:   Tue Jun 11 15:50:43 2019 -0700

    Supported file operations for command tasks.

    Review: https://reviews.apache.org/r/70826/

> Add direct containerized support for filesystem operations.
> -----------------------------------------------------------
>
>                 Key: MESOS-9769
>                 URL: https://issues.apache.org/jira/browse/MESOS-9769
>             Project: Mesos
>          Issue Type: Improvement
>          Components: containerization
>            Reporter: James Peach
>            Assignee: James Peach
>            Priority: Major
>             Fix For: 1.9.0
>
>
> When setting up the container filesystems, we use `pre_exec_commands` to make
> ABI symlinks and other things. The problem with this is that, depending on
> the order of operations, we may not have the full security policy in place
> yet, but since we are running in the context of the container's mount
> namespaces, the programs we execute are under the control of whoever built
> the container image.
> [~jieyu] and I previously discussed adding filesystem operations to the
> `ContainerLaunchInfo`. Just `ln` would be sufficient for the `cgroups` and
> `linux/filesystem` isolators. Secrets and port mapping isolators need more,
> so we should discuss and file new tickets if necessary.

--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
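
The difference the issue describes, as an added example (not Mesos code and not part of the original message): the link is carried as data and created by the launching process with symlinkat(2), so nothing from the container image is executed. `LinkOp` and `apply_links` are hypothetical names, and the scratch directory is constructed for the demonstration.

```cpp
// Added illustration, not Mesos code. LinkOp and apply_links are hypothetical names.
#include <cerrno>
#include <climits>
#include <cstdio>
#include <cstdlib>
#include <string>
#include <vector>
#include <fcntl.h>
#include <unistd.h>

struct LinkOp {
  std::string target;  // what the link points to
  std::string name;    // link name inside the directory, single component
};

// Creates each link with symlinkat(2) from the launching process, so no
// binary from the container image is executed. Returns 0 or an errno value.
int apply_links(const std::string& dir, const std::vector<LinkOp>& ops) {
  int dirfd = open(dir.c_str(), O_RDONLY | O_DIRECTORY | O_CLOEXEC);
  if (dirfd < 0) return errno;
  int rc = 0;
  for (const LinkOp& op : ops) {
    // A single component keeps resolution from walking image-controlled paths.
    if (op.name.empty() || op.name == "." || op.name == ".." ||
        op.name.find('/') != std::string::npos) { rc = EINVAL; break; }
    if (symlinkat(op.target.c_str(), dirfd, op.name.c_str()) == 0) continue;
    rc = errno;
    if (rc != EEXIST) break;
    // Idempotent only when the existing entry is the same link.
    char buf[PATH_MAX];
    ssize_t n = readlinkat(dirfd, op.name.c_str(), buf, sizeof(buf));
    if (n < 0 || std::string(buf, static_cast<size_t>(n)) != op.target) break;
    rc = 0;
  }
  close(dirfd);
  return rc;
}

int main() {
  char tmpl[] = "/tmp/linkops.XXXXXX";  // constructed scratch directory
  if (mkdtemp(tmpl) == nullptr) return 1;
  // The link from the commit message, expressed as data instead of `ln -s`.
  int rc = apply_links(tmpl, {{"/sys/fs/cgroup/cpu,cpuacct", "cpu"}});
  std::printf("%s/cpu: rc=%d\n", tmpl, rc);
  return rc == 0 ? 0 : 1;
}
```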