[MESOS-9019] Validate that container paths are unique in `ContainerInfo.volumes`. - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Open
Priority: Major
Resolution: Unresolved
Affects Version/s: None
Fix Version/s: None
Component/s: containerization
Labels:
- containerizer
- mesosphere

Target Version/s:

1.8.1
Story Points:
2

Description

Currently we allow two volumes to have the same container_path. The bind-mount of a later volume would overwrite that of an earlier one.

However, if the two volumes are file-based secrets, the containerizer will generate pre-exec commands similar to the following:

mv -f secret1 source
mount -n --rbind source container_path
mv -f secret2 source
mount -n --rbind source container_path

The second mv would rename secret2 to source, but target remains bounded to the gone secret1, and this would make the last mount result in an ENOENT.

In general, allowing multiple with the same container_path is not useful, so we should disallow it and validate that in advance instead of getting a failure during container launch.

Attachments

Activity

People

Assignee:: Unassigned

Reporter:: Chun-Hung Hsiao

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 22/Jun/18 02:55

Updated:: 03/May/19 19:16