mesos-reviews mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jojy Varghese <>
Subject Re: Review Request 46798: Introduced linux capabilities support for mesos containerizer.
Date Fri, 13 May 2016 00:50:30 GMT

This is an automatically generated e-mail. To reply, visit:

(Updated May 13, 2016, 12:50 a.m.)

Review request for mesos and Jie Yu.

Repository: mesos

Description (updated)

This change introduces linux capability based security for unified
containerizer. A new agent flag \`allowed_capabilities\` has been
introduced to override the default capabilities of the user or the
capabilities requested by the user.

This feature is only available on linux.

Diffs (updated)

  src/launcher/executor.cpp fa4a89e97b0c427b4595a6adebc397aeb5bfaaa5 
  src/slave/containerizer/mesos/containerizer.hpp a1a00020668f6da8d611f26e5637afffc87d09ba

  src/slave/containerizer/mesos/containerizer.cpp 75e5a32a3e70ec60a6800e21a621673184ea0956

  src/slave/containerizer/mesos/launch.hpp c716e0396736d1f2f60ec31540f12f4f7597d081 
  src/slave/containerizer/mesos/launch.cpp e22106b014c871e2184a15c2ab154a0674874e47 
  src/slave/flags.hpp 4fa3213545d4bd3525d85c3f71749f00f08dc998 
  src/slave/flags.cpp 6fde51fc61cfcad61d4085c208bd2eca2eae8f14 
  src/tests/container_logger_tests.cpp efadceafca5721bce4dbffadb35f54fd5365abb0 
  src/tests/containerizer/filesystem_isolator_tests.cpp 4293416ac8434e9eb7e80724480a54936a2fe24a

  src/tests/containerizer/mesos_containerizer_tests.cpp 09742ff21513dc2570684d384b257868dd57a9ce



make check; used mesos cli to test end to end functionality.


Jojy Varghese

  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message