mesos-reviews mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jie Yu <yujie....@gmail.com>
Subject Re: Review Request 50592: Updated NvidiaVolume to mount as 'tmpfs' if parent fs is 'noexec'.
Date Mon, 01 Aug 2016 16:02:25 GMT

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/50592/#review144338
-----------------------------------------------------------


Ship it!




Ship It!

- Jie Yu


On July 31, 2016, 6:55 p.m., Kevin Klues wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/50592/
> -----------------------------------------------------------
> 
> (Updated July 31, 2016, 6:55 p.m.)
> 
> 
> Review request for mesos, Benjamin Mahler and Jie Yu.
> 
> 
> Bugs: MESOS-5923
>     https://issues.apache.org/jira/browse/MESOS-5923
> 
> 
> Repository: mesos
> 
> 
> Description
> -------
> 
> This patch is in response to an issue we ran into on Ubuntu 14.04,
> where '/run' is being mounted as 'noexec' (MESOS-5923). Since our
> NvidiaVolume is created below this mount point, we are unable to
> execute any binaries we add to this volume. This causes problems, for
> example, when trying to execute 'nvidia-smi' from within a container
> that has this volume mounted in.
> 
> To work around this issue, we detect if any mount point above the path
> where we create the volume is marked as 'noexec', and if so, we create
> a new 'tmpfs' mount for the volume without 'noexec' set.
> 
> 
> Diffs
> -----
> 
>   src/slave/containerizer/mesos/isolators/gpu/volume.cpp 4b3651a8266b1ba193f6d207cd3be1ce55629703

> 
> Diff: https://reviews.apache.org/r/50592/diff/
> 
> 
> Testing
> -------
> 
> Remount /run as 'noexec'
> 
> `GTEST_FILTER="*NVIDIA*" make -j check`
> 
> Also ran a master/agent/execute set running 'nvidia-smi' both inside and outside a docker
container.
> Both setups ran successfully.
> 
> 
> Thanks,
> 
> Kevin Klues
> 
>


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message