-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/69086/#review210318
-----------------------------------------------------------

src/slave/containerizer/mesos/isolators/filesystem/linux.cpp
Lines 73-80 (patched)
<https://reviews.apache.org/r/69086/#comment294976>

    I would prefer to simply use `ContainerMountInfo`, instead of introducing another struct.


src/slave/containerizer/mesos/isolators/filesystem/linux.cpp
Lines 179 (patched)
<https://reviews.apache.org/r/69086/#comment294977>

    You don't need this function if you use `ContainerMountInfo` directly


src/slave/containerizer/mesos/isolators/filesystem/linux.cpp
Lines 181 (patched)
<https://reviews.apache.org/r/69086/#comment294975>

    Please fix indentation (2 spaces)


src/slave/containerizer/mesos/isolators/filesystem/linux.cpp
Lines 623-631 (patched)
<https://reviews.apache.org/r/69086/#comment294979>

    I don't think this is needed. `prepareMount` in launch.cpp will actually do this implicitly. Blindly doing rslave will cause shared mount propagation feature to not work (needed by CSI integration)


src/slave/containerizer/mesos/launch.cpp
Line 466 (original), 471 (patched)
<https://reviews.apache.org/r/69086/#comment294978>

    Do we still need this function? Looks like this is just a verification now. Can you simply move the logic to the main `execute()` method?


- Jie Yu


On Oct. 30, 2018, 9:03 p.m., James Peach wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/69086/
> -----------------------------------------------------------
>
> (Updated Oct. 30, 2018, 9:03 p.m.)
>
>
> Review request for mesos, Gilbert Song, Jason Lai, Jie Yu, and Jiang Yan Xu.
>
>
> Bugs: MESOS-9319
>     https://issues.apache.org/jira/browse/MESOS-9319
>
>
> Repository: mesos
>
>
> Description
> -------
>
> Previously, if the container was configured with a root filesystem,
> the root was populated by a combination of the `fs::chroot:prepare`
> API and the various isolators. The implementation details of some
> isolators had leaked into the chroot code, which had a special case
> for adding GPU devices.
>
> This change moves all the responsibility for defining the
> root filesystem from the `fs::chroot::prepare()` API to the
> `filesystem/linux` isolator. The `filesystem/linux` isolator is
> now the single place that captures how to mount the container
> pseudo-filesystems as well as how to construct a proper `/dev`
> directory.
>
> Since the `linux/filesystem` isolator is now entirely responsible
> for creating and mounting the container `/dev`, any other isolators
> that enable access to devices can simply populate device nodes in
> the container devices directory. After this change, the container
> `/dev` is mounted read-only so that this cannot be used to escape
> any disk quota.
>
>
> Diffs
> -----
>
>   src/linux/fs.hpp 31969f6ba82bf5ee549bfdf9698a21adaa486a90
>   src/linux/fs.cpp 5cdffe1f4c7f00aee5b8f640e7cfa4a0018cfa0a
>   src/slave/containerizer/mesos/isolators/filesystem/linux.cpp c7d753ac2e5575a8d687600bfb9e0617fa72c990
>   src/slave/containerizer/mesos/isolators/gpu/isolator.hpp 4645c625877d9451516133b24bd3959e0f49c0a9
>   src/slave/containerizer/mesos/isolators/gpu/isolator.cpp 56d835779618fd965d928c6926664583e9141f79
>   src/slave/containerizer/mesos/isolators/linux/devices.cpp 8f8ff95ec3856ba06647637a80315365d0e66e23
>   src/slave/containerizer/mesos/launch.cpp 7193da0a094df3e441e185c62b3a0379a0bdc4a2
>
>
> Diff: https://reviews.apache.org/r/69086/diff/6/
>
>
> Testing
> -------
>
> sudo make check (Fedora 28)
>
>
> Thanks,
>
> James Peach
>
>
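
Added example, not part of the review thread or the Mesos code base: the two properties discussed in this thread, a read-only container `/dev` and slave versus shared mount propagation, are both visible in `/proc/<pid>/mountinfo`, so they can be checked after a container starts. The parser below runs over constructed sample lines; `MountEntry`, `parseLine`, `parseMountInfo` and `SAMPLE` are hypothetical names.

```cpp
// Added example, not Mesos code. SAMPLE is constructed mountinfo text.
#include <iostream>
#include <sstream>
#include <string>
#include <vector>

struct MountEntry {
  std::string target;     // mount point (field 5)
  bool readOnly = false;  // "ro" in the per-mount options (field 6)
  bool shared = false;    // optional field "shared:N"
  bool slave = false;     // optional field "master:N"
};

// Parses one mountinfo line; returns false for a malformed line.
bool parseLine(const std::string& line, MountEntry* entry) {
  std::istringstream in(line);
  std::string id, parent, dev, root, options, field;
  if (!(in >> id >> parent >> dev >> root >> entry->target >> options)) return false;
  std::istringstream opts(options);
  for (std::string opt; std::getline(opts, opt, ',');) {
    if (opt == "ro") entry->readOnly = true;
  }
  while (in >> field) {  // optional fields run up to the "-" separator
    if (field == "-") return true;
    if (field.rfind("shared:", 0) == 0) entry->shared = true;
    if (field.rfind("master:", 0) == 0) entry->slave = true;
  }
  return false;  // no separator: truncated line
}

std::vector<MountEntry> parseMountInfo(const std::string& text) {
  std::vector<MountEntry> entries;
  std::istringstream in(text);
  for (std::string line; std::getline(in, line);) {
    MountEntry entry;
    if (parseLine(line, &entry)) entries.push_back(entry);
  }
  return entries;
}
const std::string SAMPLE =
    "100 90 0:50 / / rw,relatime master:1 - overlay overlay rw\n"
    "101 100 0:51 / /dev ro,nosuid master:2 - tmpfs tmpfs rw,mode=755\n"
    "102 100 8:1 /vol /mnt/csi rw,relatime shared:7 - ext4 /dev/sda1 rw\n"
    "103 100 0:52 / /broken rw\n";
int main() {
  for (const MountEntry& m : parseMountInfo(SAMPLE))
    std::cout << m.target << (m.readOnly ? " ro" : " rw")
              << (m.shared ? " shared" : "") << (m.slave ? " slave" : "") << "\n";
}
```

In the sample, `/dev` is read-only and slave, `/mnt/csi` keeps shared propagation, and the truncated last line is skipped.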