-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/69086/#review210131
-----------------------------------------------------------

src/linux/fs.hpp
Lines 397-401 (patched)
<https://reviews.apache.org/r/69086/#comment294766>

Any reason we need this option? I was thinking of just doing dev mounts always from the linux filesystem isolator.

src/linux/fs.cpp
Line 697 (original), 675 (patched)
<https://reviews.apache.org/r/69086/#comment294767>

Can we do those in the linux filesystem isolator too?

src/slave/containerizer/mesos/isolators/filesystem/linux.cpp
Lines 414 (patched)
<https://reviews.apache.org/r/69086/#comment294759>

Not related to this patch. When I reviewed this patch, I was looking at paths.hpp and couldn't find any comments related to the `devices` folder. Can you update the comments there (at the beginning of `src/slave/containerizer/mesos/paths.hpp`)?

src/slave/containerizer/mesos/isolators/filesystem/linux.cpp
Lines 417-420 (patched)
<https://reviews.apache.org/r/69086/#comment294760>

This sounds unnecessary given we just created an empty `launchInfo` above. We don't yet pass `launchInfo` to other isolators.

src/slave/containerizer/mesos/isolators/filesystem/linux.cpp
Lines 433 (patched)
<https://reviews.apache.org/r/69086/#comment294763>

Instead of CHECK_SOME, I'd still prefer we return a Failure here.

src/slave/containerizer/mesos/isolators/filesystem/linux.cpp
Lines 436 (patched)
<https://reviews.apache.org/r/69086/#comment294764>

Ditto.

src/slave/containerizer/mesos/launch.cpp
Lines 510 (patched)
<https://reviews.apache.org/r/69086/#comment294765>

Is this intentional?

- Jie Yu

On Oct. 19, 2018, 5:38 p.m., James Peach wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/69086/
> -----------------------------------------------------------
>
> (Updated Oct. 19, 2018, 5:38 p.m.)
>
>
> Review request for mesos, Gilbert Song, Jason Lai, Jie Yu, and Jiang Yan Xu.
>
>
> Bugs: MESOS-9319
>     https://issues.apache.org/jira/browse/MESOS-9319
>
>
> Repository: mesos
>
>
> Description
> -------
>
> Previously, if the container was configured with a root filesystem,
> the container `/dev` was populated by the chroot API and this API
> had a special case for adding GPU devices. This change extends
> the approach that was introduced in the `linux/devices` isolator
> to construct the whole of the Linux container `/dev` hierarchy
> before launching the container. The `linux/filesystem` isolator is
> now responsible for mounting the container `/dev`, and any other
> isolators that enable access to devices can simply populate device
> nodes in the container devices directory. After this change, the
> container `/dev` is mounted read-only so that this cannot be used
> to escape any disk quota.
>
>
> Diffs
> -----
>
>   src/linux/fs.hpp 502f85c4a32d8658bdd701975dd5ac3d802d308e
>   src/linux/fs.cpp 9055ef42edd1fb90e1026d1d603a9ba902cfc1fd
>   src/slave/containerizer/mesos/isolators/filesystem/linux.cpp a47899cb528eef103f299def3bd3466905ac5b51
>   src/slave/containerizer/mesos/isolators/gpu/isolator.hpp 4645c625877d9451516133b24bd3959e0f49c0a9
>   src/slave/containerizer/mesos/isolators/gpu/isolator.cpp dbbf92ffbe4a46cedca5b53f6ba172bfb308100e
>   src/slave/containerizer/mesos/isolators/linux/devices.cpp 8f8ff95ec3856ba06647637a80315365d0e66e23
>   src/slave/containerizer/mesos/launch.cpp 7193da0a094df3e441e185c62b3a0379a0bdc4a2
>
>
> Diff: https://reviews.apache.org/r/69086/diff/3/
>
>
> Testing
> -------
>
> sudo make check (Fedora 28)
>
>
> Thanks,
>
> James Peach
>
>
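
The description quoted above says the container `/dev` is mounted read-only. One way to check that from a container's `/proc/<pid>/mountinfo`, as an added example that is not part of this review or of the Mesos code base. The function names and the sample mount table are constructed for illustration; the mount layout Mesos actually produces is not shown in this thread.

```cpp
#include <iostream>
#include <sstream>
#include <string>
#include <vector>

// Constructed sample in /proc/<pid>/mountinfo format (not captured from Mesos).
const char* kSample =
    "100 90 8:1 / / rw,relatime - ext4 /dev/sda1 rw\n"
    "101 100 0:51 / /dev ro,nosuid - tmpfs tmpfs rw,mode=755\n"
    "102 101 0:52 / /dev/pts rw,nosuid,noexec - devpts devpts rw,mode=620\n"
    "103 101 0:53 / /dev/shm rw,nosuid,nodev shared:7 - tmpfs tmpfs rw\n";

// True if the comma-separated list contains `opt` as a whole option, so that
// "errors=remount-ro" is not mistaken for "ro".
static bool hasOption(const std::string& options, const std::string& opt) {
  std::istringstream in(options);
  std::string item;
  while (std::getline(in, item, ',')) {
    if (item == opt) return true;
  }
  return false;
}

// Returns 1 if the topmost mount at `target` is read-only, 0 if it is
// writable, and -1 if nothing is mounted there.
int mountReadOnly(const std::string& mountinfo, const std::string& target) {
  int result = -1;
  std::istringstream lines(mountinfo);
  std::string line;
  while (std::getline(lines, line)) {
    std::istringstream fields(line);
    std::vector<std::string> f;
    for (std::string tok; fields >> tok;) f.push_back(tok);
    // id parent maj:min root mountpoint opts [optional...] - fstype source superopts
    size_t sep = 6;
    while (sep < f.size() && f[sep] != "-") ++sep;
    if (sep + 3 >= f.size()) continue;  // malformed or truncated line
    if (f[4] != target) continue;
    // A mount stacked over another at the same path is listed later: last match wins.
    result = (hasOption(f[5], "ro") || hasOption(f[sep + 3], "ro")) ? 1 : 0;
  }
  return result;
}

int main() {
  for (const char* path : {"/dev", "/dev/pts", "/dev/shm"}) {
    std::cout << path << ": " << mountReadOnly(kSample, path) << "\n";
  }
}
```

Child mounts such as `/dev/shm` have their own mount options, so a read-only `/dev` says nothing about them; check each mount point that matters for the quota.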