mesos-reviews mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jojy Varghese <>
Subject Re: Review Request 46798: Introduced linux capabilities support for mesos containerizer.
Date Thu, 05 May 2016 21:00:59 GMT

This is an automatically generated e-mail. To reply, visit:

(Updated May 5, 2016, 9 p.m.)

Review request for mesos and Jie Yu.

Repository: mesos


This change introduces linux capability based security for unified
containerizer. A new agent flag `allowed_capabilities` has been
introduced to override the default capabilities of the user or the
capabilities requested by the user.

This feature is only available on linux.

Diffs (updated)

  src/launcher/executor.cpp 9f1d2168bc4ddbce1bcd25ff38dc1c34714eb28b 
  src/slave/containerizer/mesos/containerizer.hpp 13399f014dcd85defbff79f3b5aa4e7e75d41fd1

  src/slave/containerizer/mesos/containerizer.cpp 8d538954d6e1f13e833d75c2eaa37e700278ee0c

  src/slave/containerizer/mesos/launch.hpp c716e0396736d1f2f60ec31540f12f4f7597d081 
  src/slave/containerizer/mesos/launch.cpp e22106b014c871e2184a15c2ab154a0674874e47 
  src/slave/flags.hpp 4fa3213545d4bd3525d85c3f71749f00f08dc998 
  src/slave/flags.cpp 6fde51fc61cfcad61d4085c208bd2eca2eae8f14 
  src/tests/container_logger_tests.cpp efadceafca5721bce4dbffadb35f54fd5365abb0 
  src/tests/containerizer/filesystem_isolator_tests.cpp 29d313051865761306029f331eb36684c3252ffb

  src/tests/containerizer/mesos_containerizer_tests.cpp 09742ff21513dc2570684d384b257868dd57a9ce



make check; used mesos cli to test end to end functionality.


Jojy Varghese

  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message