> On Aug. 1, 2024, 8:13 p.m., Benjamin Mahler wrote: > > src/slave/containerizer/mesos/isolators/gpu/isolator.cpp > > Lines 284-285 (patched) > > <https://reviews.apache.org/r/75074/diff/3/?file=2292281#file2292281line284> > > > > assigning to itself..? > > > > why not use your entry creation helper here? should we make an overload > > of is_access_granted for non-whitelist entry?
separate patch here: https://reviews.apache.org/r/75137/ - Jason ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/75074/#review226759 ----------------------------------------------------------- On Aug. 2, 2024, 2:37 p.m., Jason Zhou wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/75074/ > ----------------------------------------------------------- > > (Updated Aug. 2, 2024, 2:37 p.m.) > > > Review request for mesos and Benjamin Mahler. > > > Repository: mesos > > > Description > ------- > > Currently, the GPU isolator assumes we are only using cgroups v1, and > makes use of the cgroups::devices::allow and deny functions to control > GPU access. > > In Cgroups2, we need to attach ebpf programs for the specific cgroups, > which is done for us in the DeviceManager. Hence, we need to use the > DeviceManager in the GPU isolator depending on whether cgroups v1 or v2 > is currently mounted > > > Diffs > ----- > > src/slave/containerizer/mesos/containerizer.cpp > 9bafb137ba67bfed5cfb24c1a3af9203fde9e821 > src/slave/containerizer/mesos/isolators/gpu/isolator.hpp > e4f221d5f63ed1db044acabbbd427a30a0f69ced > src/slave/containerizer/mesos/isolators/gpu/isolator.cpp > 99119f938e2eb5ca6a8b64d073c87ca5032a00b8 > > > Diff: https://reviews.apache.org/r/75074/diff/4/ > > > Testing > ------- > > Existing GPU isolator tests pass, with the exception of the > DefaultExecutorVerifyDeviceAccess test which is because we currently don't > support nested containers. > > > Thanks, > > Jason Zhou > >
