Re: Review Request 61428: Added pid ns sharing based on agent flag and protobuf message field.

Mon, 07 Aug 2017 16:50:49 -0700 


> On Aug. 4, 2017, 5:33 p.m., Gilbert Song wrote:
> > src/slave/containerizer/mesos/isolators/namespaces/pid.cpp
> > Lines 130 (patched)
> > <https://reviews.apache.org/r/61428/diff/2/?file=1789465#file1789465line132>
> >
> >     Could we reverse two logics above? so that we can avoid the size check 
> > here. E.g.,
> >     ```
> >         if (sharePidNamespace) {
> >           return launchInfo;
> >         }
> >     ```
> >     
> >     similar to the short circuit logic for DEBUG container.
> 
> Qian Zhang wrote:
>     Could you elaborate a bit more? Which two logics are you talking about?

Do you think this logic looks clearer (please help verify its correctness 
first)?
```
  ContainerLaunchInfo launchInfo;

  bool sharePidNamespace =
    containerConfig.container_info().linux_info().share_pid_namespace();

  if (containerId.has_parent()) {
    launchInfo.add_enter_namespaces(CLONE_NEWPID);

    if (containerConfig.has_container_class() &&
        containerConfig.container_class() == ContainerClass::DEBUG) {
      return launchInfo;
    }
  } else {
    if (flags.disallow_sharing_agent_pid_namespace && sharePidNamespace) {
      return Failure(
          "Sharing agent pid namespace with "
          "top-level container is not allowed");
    }
  }

  if (sharePidNamespace) {
    return launchInfo;
  }

  launchInfo.add_clone_namespaces(CLONE_NEWPID);
  launchInfo.add_pre_exec_commands()->set_value(
      "mount -n -t proc proc /proc -o nosuid,noexec,nodev");

  return launchInfo;
```


- Gilbert


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/61428/#review182235
-----------------------------------------------------------


On Aug. 6, 2017, 7:55 p.m., Qian Zhang wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/61428/
> -----------------------------------------------------------
> 
> (Updated Aug. 6, 2017, 7:55 p.m.)
> 
> 
> Review request for mesos, Gastón Kleiman, Gilbert Song, Jie Yu, Kevin Klues, 
> and Vinod Kone.
> 
> 
> Bugs: MESOS-7853
>     https://issues.apache.org/jira/browse/MESOS-7853
> 
> 
> Repository: mesos
> 
> 
> Description
> -------
> 
> Added pid ns sharing based on agent flag and protobuf message field.
> 
> 
> Diffs
> -----
> 
>   src/slave/containerizer/mesos/isolators/namespaces/pid.hpp 
> 2b316dbdf4a3735771af5bed80c6251d0d1cbd50 
>   src/slave/containerizer/mesos/isolators/namespaces/pid.cpp 
> f1dfc9f7398ffc029d7180d7f014a515338cb3f4 
> 
> 
> Diff: https://reviews.apache.org/r/61428/diff/4/
> 
> 
> Testing
> -------
> 
> 
> Thanks,
> 
> Qian Zhang
> 
>

Reply via email to