> On Aug. 11, 2016, 10:06 p.m., Jie Yu wrote:
> > src/linux/capabilities.cpp, line 298
> > <https://reviews.apache.org/r/50266/diff/6/?file=1470369#file1470369line298>
> >
> > This sounds important because ProcessCapabilities allows getting bounding set.
Can you follow up with a patch to address this TODO?
> >
> > Take a look at the implementation here:
> > https://github.com/syndtr/gocapability/blob/master/capability/capability_linux.go#L382-L417
I added https://reviews.apache.org/r/51043/ to implement this.
- Benjamin
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/50266/#review145515
-----------------------------------------------------------
On Aug. 10, 2016, 9:14 p.m., Benjamin Bannier wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/50266/
> -----------------------------------------------------------
>
> (Updated Aug. 10, 2016, 9:14 p.m.)
>
>
> Review request for mesos and Jie Yu.
>
>
> Bugs: MESOS-5051
> https://issues.apache.org/jira/browse/MESOS-5051
>
>
> Repository: mesos
>
>
> Description
> -------
>
> This change introduces basic API for linux capabilities. This is not a
> comprehensive API but is strictly limited to the need for securing Mesos
> containers using linux capabilities.
>
> This patch is based on the work in https://reviews.apache.org/r/46370/.
>
>
> Diffs
> -----
>
> src/CMakeLists.txt 1286ee08fe2d60867326a1f2585f054c20b52208
> src/Makefile.am 1a9b083493612cf610b80ac5a1c11c29d6302933
> src/linux/capabilities.hpp PRE-CREATION
> src/linux/capabilities.cpp PRE-CREATION
>
> Diff: https://reviews.apache.org/r/50266/diff/
>
>
> Testing
> -------
>
> `make check` and `sudo make check` (Debian jessie, gcc-4.9.2, w/o optimizations)
>
>
> Thanks,
>
> Benjamin Bannier
>
>
|