mesos-reviews mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jojy Varghese <j...@mesosphere.io>
Subject Re: Review Request 46370: Introduced linux capabilities API.
Date Wed, 20 Apr 2016 19:00:33 GMT


> On April 20, 2016, 3:15 a.m., Kevin Klues wrote:
> > src/linux/capabilities.hpp, lines 94-99
> > <https://reviews.apache.org/r/46370/diff/1/?file=1350684#file1350684line94>
> >
> >     From my reading of: http://man7.org/linux/man-pages/man7/capabilities.7.html
> >     
> >     this enum should probably be called `Set`.
> >     
> >     Note, the name `Capability` at the front is unnecessary if we embed this in
the `capabilities` namespace.
> >     
> >     Also, it's pretty standard practice in C++ to define an `enum` as a `enum class`
for better type checking.  As such, you can define the final element with a common name of
`COUNT` to get at the size of the enum.
> >     
> >     For example, you can get at the size of the enum as: `capabilities::Set::COUNT`
instead of relying on the `const` for `NUMBER_OF_CAP_SETS` defined above.
> 
> Jojy Varghese wrote:
>     Although i agree that C++11 supports enum classes, couple of reasons for using plain
enum here:
>     1. Other places in the code mostly use plain old enums.
>     2. Its hard(not impossible) to get the value of the enum class's element (say for
printing).

regarding naming, If you look at the code of libcap (a standard portable capability interface)
(https://github.com/abstrakraft/lxc-android-libcap/blob/master/libcap/libcap.h), the name
`set` is referenced for the value and not the type. In fact the `SystemCallPayload` structure
in my code is same from libcap.


- Jojy


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/46370/#review129674
-----------------------------------------------------------


On April 19, 2016, 5:02 p.m., Jojy Varghese wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/46370/
> -----------------------------------------------------------
> 
> (Updated April 19, 2016, 5:02 p.m.)
> 
> 
> Review request for mesos, Jie Yu and Kevin Klues.
> 
> 
> Bugs: MESOS-5051
>     https://issues.apache.org/jira/browse/MESOS-5051
> 
> 
> Repository: mesos
> 
> 
> Description
> -------
> 
> This change introduces basic API for linux capabilities. This is not a
> comprehensive API but is strictly limited to the need for securing Mesos
> containers using linux capabilities.
> 
> 
> Diffs
> -----
> 
>   src/CMakeLists.txt ca59a1824352423f4db6ef8bb41acc6fe602c041 
>   src/Makefile.am a8f68316c5d4d4c82d99363535a97fa5b1caafc5 
>   src/linux/capabilities.hpp PRE-CREATION 
>   src/linux/capabilities.cpp PRE-CREATION 
> 
> Diff: https://reviews.apache.org/r/46370/diff/
> 
> 
> Testing
> -------
> 
> make check.
> 
> 
> Thanks,
> 
> Jojy Varghese
> 
>


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message