Uploaded image for project: 'Mesos'
  1. Mesos
  2. MESOS-5410

Support cgroup namespace in unified container

    XMLWordPrintableJSON

Details

    • Improvement
    • Status: Reviewable
    • Major
    • Resolution: Unresolved
    • None
    • None
    • containerization
    • None

    Description

      In Linux 4.6 kernel, a new namespace (cgroup namespace) was introduced to make a process can be created in its own cgroup namespace so that the global cgroup hierarchy will not be leaked to the process. See the following link for more details about this namespace:
      http://man7.org/linux/man-pages/man7/cgroup_namespaces.7.html

      We need to support this namespace in unified container to provide better isolation for the containers created by Mesos.

      Attachments

        Issue Links

          is related to

          Bug - A problem which impairs or prevents the functions of the product. MESOS-5446 NsTest.ROOT_setns and NsTest.ROOT_getns failed in Linux 4.6

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Resolved

          Bug - A problem which impairs or prevents the functions of the product. MESOS-6414 cgroups isolator cleanup failed when the hierarchy is cleanup by docker daemon

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Resolved

          Epic - Created by Jira Software - do not edit or delete. Issue type for a big user story that needs to be broken down. MESOS-5991 Support running docker daemon inside a container using unified containerizer.

          • Major - Major loss of function.
          • Accepted
          relates to

          Epic - Created by Jira Software - do not edit or delete. Issue type for a big user story that needs to be broken down. MESOS-4697 Consolidate cgroup isolators into one single isolator.

          • Major - Major loss of function.
          • In Progress

          Bug - A problem which impairs or prevents the functions of the product. MESOS-5668 Add CGROUP namespace to linux ns helper.

          • Major - Major loss of function.
          • Resolved

          Improvement - An improvement or enhancement to an existing feature or task. MESOS-6489 Better support for containers that want to manage their own cgroup.

          • Major - Major loss of function.
          • Reviewable
          mentioned in

          Page Loading...

          Activity

            People

              haosdent@gmail.com haosdent
              qianzhang Qian Zhang
              Jie Yu Jie Yu
              Votes:
              0 Vote for this issue
              Watchers:
              8 Start watching this issue

              Dates

                Created:
                Updated: