-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/69086/
-----------------------------------------------------------
Review request for mesos, Gilbert Song, Jason Lai, Jie Yu, and Jiang Yan Xu.
Bugs: MESOS-9319
https://issues.apache.org/jira/browse/MESOS-9319
Repository: mesos
Description
-------
Previously, if the container was configured with a root filesystem,
the container `/dev` was populated by the chroot API and this API
had a special case for adding GPU devices. This change extends
the approach that was introduced in the `linux/devices` isolator
to construct the whole of the Linux container `/dev` hierarchy
before launching the container. The `linux/filesystem` isolator is
now responsible for mounting the container `/dev`, and any other
isolators that enable access to devices can simply populate device
nodes in the container devices directory. After this change, the
container '/dev' is mounted read-only so that this cannot be used
to escape any disk quota.
Diffs
-----
src/linux/fs.hpp 502f85c4a32d8658bdd701975dd5ac3d802d308e
src/linux/fs.cpp 9055ef42edd1fb90e1026d1d603a9ba902cfc1fd
src/slave/containerizer/mesos/isolators/filesystem/linux.cpp
a47899cb528eef103f299def3bd3466905ac5b51
src/slave/containerizer/mesos/isolators/gpu/isolator.hpp
4645c625877d9451516133b24bd3959e0f49c0a9
src/slave/containerizer/mesos/isolators/gpu/isolator.cpp
dbbf92ffbe4a46cedca5b53f6ba172bfb308100e
src/slave/containerizer/mesos/isolators/linux/devices.cpp
8f8ff95ec3856ba06647637a80315365d0e66e23
src/slave/containerizer/mesos/launch.cpp
7193da0a094df3e441e185c62b3a0379a0bdc4a2
Diff: https://reviews.apache.org/r/69086/diff/1/
Testing
-------
sudo make check (Fedora 28)
Thanks,
James Peach
