-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/69086/
-----------------------------------------------------------

Review request for mesos, Gilbert Song, Jason Lai, Jie Yu, and Jiang Yan Xu.


Bugs: MESOS-9319
    https://issues.apache.org/jira/browse/MESOS-9319


Repository: mesos


Description
-------

Previously, if the container was configured with a root filesystem, the container `/dev` was populated by the chroot API and this API had a special case for adding GPU devices.

This change extends the approach that was introduced in the `linux/devices` isolator to construct the whole of the Linux container `/dev` hierarchy before launching the container. The `linux/filesystem` isolator is now responsible for mounting the container `/dev`, and any other isolators that enable access to devices can simply populate device nodes in the container devices directory.

After this change, the container '/dev' is mounted read-only so that this cannot be used to escape any disk quota.


Diffs
-----

  src/linux/fs.hpp 502f85c4a32d8658bdd701975dd5ac3d802d308e
  src/linux/fs.cpp 9055ef42edd1fb90e1026d1d603a9ba902cfc1fd
  src/slave/containerizer/mesos/isolators/filesystem/linux.cpp a47899cb528eef103f299def3bd3466905ac5b51
  src/slave/containerizer/mesos/isolators/gpu/isolator.hpp 4645c625877d9451516133b24bd3959e0f49c0a9
  src/slave/containerizer/mesos/isolators/gpu/isolator.cpp dbbf92ffbe4a46cedca5b53f6ba172bfb308100e
  src/slave/containerizer/mesos/isolators/linux/devices.cpp 8f8ff95ec3856ba06647637a80315365d0e66e23
  src/slave/containerizer/mesos/launch.cpp 7193da0a094df3e441e185c62b3a0379a0bdc4a2


Diff: https://reviews.apache.org/r/69086/diff/1/


Testing
-------

sudo make check (Fedora 28)


Thanks,

James Peach
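
One way to check the read-only `/dev` property described above from inside or outside a container, as an added example that is not part of this review request or the Mesos code base: it parses text in the format of `/proc/<pid>/mountinfo`. The names `devMountState` and `DevMount` are hypothetical, and the sample lines are constructed, not captured from a Mesos agent.

```cpp
#include <iostream>
#include <sstream>
#include <string>
#include <vector>

// Split a string on a single delimiter character.
static std::vector<std::string> split(const std::string& s, char delim) {
  std::vector<std::string> out;
  std::stringstream ss(s);
  std::string tok;
  while (std::getline(ss, tok, delim)) out.push_back(tok);
  return out;
}

enum class DevMount { ReadOnly, Writable, NotMounted };  // hypothetical names

// Report how `target` is mounted according to mountinfo text. Field 5 is the
// mount point and field 6 the per-mount options. The superblock options after
// the "-" separator are ignored on purpose: a mount made read-only per mount
// point can still show "rw" there. The last matching line wins, because a
// later mount shadows an earlier one at the same mount point.
DevMount devMountState(const std::string& mountinfo, const std::string& target) {
  DevMount state = DevMount::NotMounted;
  std::stringstream lines(mountinfo);
  std::string line;
  while (std::getline(lines, line)) {
    std::vector<std::string> f = split(line, ' ');
    if (f.size() < 6 || f[4] != target) continue;
    state = DevMount::Writable;
    for (const std::string& opt : split(f[5], ','))
      if (opt == "ro") state = DevMount::ReadOnly;
  }
  return state;
}

// Constructed sample input (assumed tmpfs-backed /dev; not real agent output).
const char* const kReadOnlyDev =
  "310 295 0:52 / / rw,relatime - ext4 /dev/sda1 rw\n"
  "311 310 0:53 / /dev ro,nosuid - tmpfs tmpfs rw,mode=755\n"
  "312 311 0:54 / /dev/pts rw,nosuid,noexec - devpts devpts rw,mode=600\n";
const char* const kWritableDev =
  "410 395 0:62 / / rw,relatime - ext4 /dev/sda1 rw\n"
  "411 410 0:63 / /dev rw,nosuid - tmpfs tmpfs rw,mode=755\n";

int main() {
  std::cout << (devMountState(kReadOnlyDev, "/dev") == DevMount::ReadOnly) << "\n";
  std::cout << (devMountState(kWritableDev, "/dev") == DevMount::Writable) << "\n";
  return 0;
}
```

In the first sample `/dev/pts` is a separate writable mount beneath the read-only `/dev`, so each mount point under `/dev` needs its own check.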