----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/69086/ -----------------------------------------------------------
(Updated Oct. 29, 2018, 11:59 p.m.) Review request for mesos, Gilbert Song, Jason Lai, Jie Yu, and Jiang Yan Xu. Summary (updated) ----------------- Moved container root construction to the isolators. Bugs: MESOS-9319 https://issues.apache.org/jira/browse/MESOS-9319 Repository: mesos Description (updated) ------- Previously, if the container was configured with a root filesytem, the root was populated by a combination of the `fs::chroot:prepare` API and the various isolators. The implementation details of some isolators had leaked into the chroot code, which had a special case for adding GPU devices. This change moves all the responsibility for defining the root filesystem from the `fs::chroot::prepare()` API to the `filesystem/linux` isolator. The `filesystem/linux` isolator is now the single place that captures how to mount the container pseudo-filesystems as well as how to construct a proper `/dev` directory. Since the `linux/filesystem` isolator is now entirely responsible for creating and mounting the container `/dev`, any other isolators that enable access to devices can simply populate device nodes in the container devices directory. After this change, the container `/dev` is mounted read-only so that this cannot be used to escape any disk quota. Diffs (updated) ----- src/linux/fs.hpp 31969f6ba82bf5ee549bfdf9698a21adaa486a90 src/linux/fs.cpp 3a58bf9a44c4e1d454f3d754952705b1fd0a0b1d src/slave/containerizer/mesos/isolators/filesystem/linux.cpp c7d753ac2e5575a8d687600bfb9e0617fa72c990 src/slave/containerizer/mesos/isolators/gpu/isolator.hpp 4645c625877d9451516133b24bd3959e0f49c0a9 src/slave/containerizer/mesos/isolators/gpu/isolator.cpp 56d835779618fd965d928c6926664583e9141f79 src/slave/containerizer/mesos/isolators/linux/devices.cpp 8f8ff95ec3856ba06647637a80315365d0e66e23 src/slave/containerizer/mesos/launch.cpp 7193da0a094df3e441e185c62b3a0379a0bdc4a2 Diff: https://reviews.apache.org/r/69086/diff/4/ Changes: https://reviews.apache.org/r/69086/diff/3-4/ Testing ------- sudo make check (Fedora 28) Thanks, James Peach