> On Oct. 29, 2018, 4:42 a.m., Jie Yu wrote:
> > src/linux/fs.hpp
> > Lines 397-401 (patched)
> > <https://reviews.apache.org/r/69086/diff/3/?file=2100940#file2100940line397>
> >
> >     Any reason need this option? I was thinking just doing dev mounts 
> > always from linux filesystem isolator.

Since `fs::chroot` was originally designed as a stand-alone API, I wanted to 
preserve the ability to use it without the isolator layer. I'm not strongly 
attached to this approach, though, so we could just make all the mounts from 
the linux filesystem isolator.


- James


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/69086/#review210131
-----------------------------------------------------------


On Oct. 19, 2018, 5:38 p.m., James Peach wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/69086/
> -----------------------------------------------------------
> 
> (Updated Oct. 19, 2018, 5:38 p.m.)
> 
> 
> Review request for mesos, Gilbert Song, Jason Lai, Jie Yu, and Jiang Yan Xu.
> 
> 
> Bugs: MESOS-9319
>     https://issues.apache.org/jira/browse/MESOS-9319
> 
> 
> Repository: mesos
> 
> 
> Description
> -------
> 
> Previously, if the container was configured with a root filesystem,
> the container `/dev` was populated by the chroot API and this API
> had a special case for adding GPU devices. This change extends
> the approach that was introduced in the `linux/devices` isolator
> to construct the whole of the Linux container `/dev` hierarchy
> before launching the container. The `linux/filesystem` isolator is
> now responsible for mounting the container `/dev`, and any other
> isolators that enable access to devices can simply populate device
> nodes in the container devices directory. After this change, the
> container `/dev` is mounted read-only so that this cannot be used
> to escape any disk quota.
> 
> 
> Diffs
> -----
> 
>   src/linux/fs.hpp 502f85c4a32d8658bdd701975dd5ac3d802d308e 
>   src/linux/fs.cpp 9055ef42edd1fb90e1026d1d603a9ba902cfc1fd 
>   src/slave/containerizer/mesos/isolators/filesystem/linux.cpp a47899cb528eef103f299def3bd3466905ac5b51 
>   src/slave/containerizer/mesos/isolators/gpu/isolator.hpp 4645c625877d9451516133b24bd3959e0f49c0a9 
>   src/slave/containerizer/mesos/isolators/gpu/isolator.cpp dbbf92ffbe4a46cedca5b53f6ba172bfb308100e 
>   src/slave/containerizer/mesos/isolators/linux/devices.cpp 8f8ff95ec3856ba06647637a80315365d0e66e23 
>   src/slave/containerizer/mesos/launch.cpp 7193da0a094df3e441e185c62b3a0379a0bdc4a2 
> 
> 
> Diff: https://reviews.apache.org/r/69086/diff/3/
> 
> 
> Testing
> -------
> 
> sudo make check (Fedora 28)
> 
> 
> Thanks,
> 
> James Peach
> 
>
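
As an added example (not part of the original e-mail or the Mesos source), one way to check the property the description ends with, that the container `/dev` is mounted read-only, is to parse the container's mount table in `/proc/<pid>/mountinfo` format. The function names and the sample mount table are constructed for illustration.

```cpp
#include <iostream>
#include <sstream>
#include <string>

enum class MountState { NotMounted, Writable, ReadOnly };

// True if the comma-separated option list contains exactly `wanted`.
static bool hasOption(const std::string& options, const std::string& wanted) {
  std::istringstream in(options);
  std::string option;
  while (std::getline(in, option, ',')) {
    if (option == wanted) return true;
  }
  return false;
}

// Classifies the mount at `target` from text in /proc/<pid>/mountinfo format.
// Simplification: the last entry for a mount point wins, since a later mount
// on the same path covers earlier ones.
MountState mountState(const std::string& mountinfo, const std::string& target) {
  MountState state = MountState::NotMounted;
  std::istringstream lines(mountinfo);
  std::string line;
  while (std::getline(lines, line)) {
    std::istringstream fields(line);
    std::string id, parent, devno, root, mountPoint, mountOptions;
    if (!(fields >> id >> parent >> devno >> root >> mountPoint >> mountOptions)) continue;
    if (mountPoint != target) continue;
    // Skip the optional fields up to the "-" separator, then read the
    // filesystem type, source and super block options.
    std::string token, fsType, source, superOptions;
    while (fields >> token && token != "-") {}
    fields >> fsType >> source >> superOptions;
    // "ro" in field 6 covers read-only (bind) mounts whose super block is
    // still "rw"; "ro" in the super options covers a read-only filesystem.
    bool readOnly = hasOption(mountOptions, "ro") || hasOption(superOptions, "ro");
    state = readOnly ? MountState::ReadOnly : MountState::Writable;
  }
  return state;
}

// Constructed sample, not captured from a real Mesos container.
const std::string kSampleMountinfo =
    "100 90 0:50 / / rw,relatime - ext4 /dev/sda1 rw\n"
    "101 100 0:51 / /dev ro,nosuid - tmpfs tmpfs rw,mode=755\n"
    "102 101 0:52 / /dev/pts rw,nosuid,noexec - devpts devpts rw,mode=600\n";

int main() {
  bool ok = mountState(kSampleMountinfo, "/dev") == MountState::ReadOnly;
  std::cout << "/dev read-only: " << (ok ? "yes" : "no") << "\n";
  return ok ? 0 : 1;
}
```

The check matches the mount point exactly, so submounts such as `/dev/pts` are classified separately from `/dev` itself.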
