From 8ddcb222e9bc06dc8b89da52f4c9bdbcefdd8993 Mon Sep 17 00:00:00 2001
From: "Dr. Stefan Schimanski" <stefan.schimanski@gmail.com>
Date: Tue, 18 Aug 2015 17:42:58 +0200
Subject: [PATCH] Stop the kubelet from taking control over cgroups and other
 processes

---
 contrib/mesos/pkg/executor/service/service.go | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/contrib/mesos/pkg/executor/service/service.go b/contrib/mesos/pkg/executor/service/service.go
index 4f12786420..e3ff40e169 100644
--- a/contrib/mesos/pkg/executor/service/service.go
+++ b/contrib/mesos/pkg/executor/service/service.go
@@ -99,6 +99,12 @@ func NewKubeletExecutorServer() *KubeletExecutorServer {
 	k.Address = net.ParseIP(defaultBindingAddress())
 	k.ShutdownFD = -1 // indicates unspecified FD
 
+	// empty string for all containers (= cgroup paths) which stop the kubelet
+	// from taking any control over the cgroups of itself and other system processes.
+	k.SystemContainer = ""
+	k.ResourceContainer = ""
+	k.DockerDaemonContainer = ""
+
 	return k
 }
 
@@ -134,8 +140,6 @@ func (s *KubeletExecutorServer) Run(hks hyperkube.Interface, _ []string) error {
 	// derive the executor cgroup and use it as docker cgroup root
 	mesosCgroup := findMesosCgroup(s.cgroupPrefix)
 	s.cgroupRoot = mesosCgroup
-	s.SystemContainer = mesosCgroup
-	s.ResourceContainer = mesosCgroup
 	log.V(2).Infof("passing cgroup %q to the kubelet as cgroup root", s.CgroupRoot)
 
 	// create apiserver client