[MESOS-6324] CNI should not use `ifconfig` in executors `pre_exec_command` - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 1.0.2, 1.1.0
Component/s: containerization
Labels:
None

Target Version/s:

1.0.2, 1.1.0
Sprint:
Mesosphere Sprint 44
Story Points:
1

Description

Currently the `network/cni` isolator sets up the `pre_exec_command` for executors when a container needs to be launched on a non-host network. The `pre_exec_command` is `ifconfig lo up`. This is done to primarily bring loopback up in the new network namespace.

Setting up the `pre_exec_command` to bring loopback up is problematic since the executors PATH variable is generally very limited (doesn't contain all path that the agents PATH variable has due to security concerns).

Therefore instead of running `ifconfig lo up` in the `pre_exec_command` we should run it in `NetworkCniIsolatorSetup` subcommand, which runs with the same PATH variable as the agent.

Attachments

Activity

People

Assignee:: Avinash Sridharan

Reporter:: Avinash Sridharan

Shepherd:: Jie Yu

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 07/Oct/16 01:07

Updated:: 11/Oct/16 18:58

Resolved:: 07/Oct/16 23:24