mesos-reviews mailing list archives

From Jie Yu <yujie....@gmail.com>
Subject Re: Review Request 50266: Introduced linux capabilities API.
Date Thu, 11 Aug 2016 20:06:23 GMT

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/50266/#review145515
-----------------------------------------------------------


Fix it, then Ship it!




Thanks! I did a few adjustments for you. Please see the final patch I committed and avoid
the same problem in the future.


src/linux/capabilities.hpp (line 86)
<https://reviews.apache.org/r/50266/#comment211835>

    Change the name to BOUNDING to be consistent with kernel documentation.



src/linux/capabilities.hpp (lines 98 - 102)
<https://reviews.apache.org/r/50266/#comment211758>

    This should be moved to the private section. Please see Google style.



src/linux/capabilities.hpp (lines 112 - 118)
<https://reviews.apache.org/r/50266/#comment211760>

    You should use the `/***/` style comments here.



src/linux/capabilities.hpp (lines 123 - 130)
<https://reviews.apache.org/r/50266/#comment211759>

    The leading `*` should be shifted right by one space.



src/linux/capabilities.hpp (line 189)
<https://reviews.apache.org/r/50266/#comment211767>

    Why mixing last cap and max cap? I'd just call it `lastCap` here to be consistent.



src/linux/capabilities.hpp (lines 194 - 195)
<https://reviews.apache.org/r/50266/#comment211761>

    Kill these two lines.



src/linux/capabilities.cpp (line 42)
<https://reviews.apache.org/r/50266/#comment211762>

    Kill this line.



src/linux/capabilities.cpp (line 53)
<https://reviews.apache.org/r/50266/#comment211764>

    Is this still used?? I see it being used in a really weird place.



src/linux/capabilities.cpp (line 55)
<https://reviews.apache.org/r/50266/#comment211763>

    According to http://man7.org/linux/man-pages/man2/capset.2.html, this should be uint32_t
    
    Also, I'd just inline it.



src/linux/capabilities.cpp (line 56)
<https://reviews.apache.org/r/50266/#comment211765>

    No need for this constant. Directly use `_LINUX_CAPABILITY_U32S_3` below.



src/linux/capabilities.cpp (line 135)
<https://reviews.apache.org/r/50266/#comment211771>

    We don't rely on implicit conversion for if condition:
    ```
    if (capabilities.count(...) > 0)
    ```



src/linux/capabilities.cpp (line 247)
<https://reviews.apache.org/r/50266/#comment211766>

    Why the `Bit` suffix?



src/linux/capabilities.cpp (line 262)
<https://reviews.apache.org/r/50266/#comment211768>

    Is this correct?



src/linux/capabilities.cpp (line 298)
<https://reviews.apache.org/r/50266/#comment211769>

    This sounds important because ProcessCapabilities allows getting bounding set. Can you follow up with a patch to address this TODO?
    
    Take a look at the implementation here:
    https://github.com/syndtr/gocapability/blob/master/capability/capability_linux.go#L382-L417



src/linux/capabilities.cpp (lines 312 - 313)
<https://reviews.apache.org/r/50266/#comment211783>

    Looks like the conversion here is just for reusing stringify. Why not just make stringify support `Set`?
    
    Let's avoid such workarounds in Mesos. This hurts readability a lot.



src/linux/capabilities.cpp (line 320)
<https://reviews.apache.org/r/50266/#comment211836>

    Why make an exception for EINVAL here? File capability is supported from 2.6.24. We assume a much higher kernel. No need for this exception.



src/linux/capabilities.cpp (line 446)
<https://reviews.apache.org/r/50266/#comment211789>

    Is this correct???



src/linux/capabilities.cpp (lines 453 - 455)
<https://reviews.apache.org/r/50266/#comment211797>

    Please split the CHECK so that we can get a more detailed message when there's a check failure.


- Jie Yu


On Aug. 10, 2016, 7:14 p.m., Benjamin Bannier wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/50266/
> -----------------------------------------------------------
> 
> (Updated Aug. 10, 2016, 7:14 p.m.)
> 
> 
> Review request for mesos and Jie Yu.
> 
> 
> Bugs: MESOS-5051
>     https://issues.apache.org/jira/browse/MESOS-5051
> 
> 
> Repository: mesos
> 
> 
> Description
> -------
> 
> This change introduces basic API for linux capabilities. This is not a
> comprehensive API but is strictly limited to the need for securing Mesos
> containers using linux capabilities.
> 
> This patch is based on the work in https://reviews.apache.org/r/46370/.
> 
> 
> Diffs
> -----
> 
>   src/CMakeLists.txt 1286ee08fe2d60867326a1f2585f054c20b52208 
>   src/Makefile.am 1a9b083493612cf610b80ac5a1c11c29d6302933 
>   src/linux/capabilities.hpp PRE-CREATION 
>   src/linux/capabilities.cpp PRE-CREATION 
> 
> Diff: https://reviews.apache.org/r/50266/diff/
> 
> 
> Testing
> -------
> 
> `make check` and `sudo make check` (Debian jessie, gcc-4.9.2, w/o optimizations)
> 
> 
> Thanks,
> 
> Benjamin Bannier
> 
>
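The review points above about `uint32_t` fields, `_LINUX_CAPABILITY_U32S_3` and the bounding-set TODO, shown as an added example (not code from the Mesos patch or from either participant): it reads the calling process's sets with `capget(2)` and its bounding set with `prctl(PR_CAPBSET_READ)`. The names `CapSets`, `joinWords` and `readCapSets` are hypothetical, and finding the last capability by probing `prctl` is this example's own choice.

```cpp
// Added example, not Mesos code: read the calling process's capability sets.
#include <linux/capability.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <unistd.h>

#include <cstdint>
#include <cstdio>

// Hypothetical result type for this example.
struct CapSets {
  uint64_t effective, permitted, inheritable, bounding;
  int lastCap;  // Highest capability number the running kernel accepts.
};

// The v3 ABI carries each 64-bit set as _LINUX_CAPABILITY_U32S_3 (= 2)
// 32-bit words: word 0 holds capabilities 0-31, word 1 holds 32-63.
uint64_t joinWords(uint32_t low, uint32_t high) {
  return (static_cast<uint64_t>(high) << 32) | low;
}

// Fills `out` for the calling process; returns false if capget(2) fails.
bool readCapSets(CapSets* out) {
  __user_cap_header_struct header = {_LINUX_CAPABILITY_VERSION_3, 0};
  __user_cap_data_struct data[_LINUX_CAPABILITY_U32S_3] = {};
  if (syscall(SYS_capget, &header, data) != 0) return false;

  out->effective = joinWords(data[0].effective, data[1].effective);
  out->permitted = joinWords(data[0].permitted, data[1].permitted);
  out->inheritable = joinWords(data[0].inheritable, data[1].inheritable);

  // capget(2) does not return the bounding set, so test it one bit at a
  // time. prctl fails for numbers the kernel does not know, which also
  // yields the last valid capability (an assumption of this example).
  out->bounding = 0;
  out->lastCap = -1;
  for (unsigned long cap = 0; cap < 64; ++cap) {
    int present = prctl(PR_CAPBSET_READ, cap, 0UL, 0UL, 0UL);
    if (present < 0) break;
    out->lastCap = static_cast<int>(cap);
    if (present > 0) out->bounding |= 1ULL << cap;
  }
  return true;
}

int main() {
  CapSets s = {};
  if (!readCapSets(&s)) { perror("capget"); return 1; }
  printf("last=%d eff=%016llx bnd=%016llx\n", s.lastCap,
         (unsigned long long)s.effective, (unsigned long long)s.bounding);
  return 0;
}
```

Run it inside a container to confirm that the bounding set actually matches the capabilities the container was meant to keep.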

