mesos-reviews mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Benjamin Bannier <benjamin.bann...@mesosphere.io>
Subject Re: Review Request 50270: Introduced linux capabilities support for mesos containerizer.
Date Mon, 15 Aug 2016 15:57:30 GMT 

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/50270/
-----------------------------------------------------------

(Updated Aug. 15, 2016, 5:57 p.m.)


Review request for mesos and Jie Yu.


Changes
-------

Cleanup.


Bugs: MESOS-5303
    https://issues.apache.org/jira/browse/MESOS-5303


Repository: mesos


Description
-------

This change introduces linux capability based security for unified
containerizer. A new agent flag \`allowed_capabilities\` has been
introduced to override the default capabilities of the user or the
capabilities requested by the user.

This feature is only available on linux.

This patch is based on https://reviews.apache.org/r/46798/.


Diffs (updated)
-----

  src/launcher/executor.cpp 2d04edbd58f881f59fca00b95803474724a49154 
  src/slave/flags.hpp ef2394cae5cb72ae627aaef443ac06a50bcfb16f 
  src/slave/flags.cpp c07d6e5e062b75c9dd867e3dced9e2cc8b69872d 

Diff: https://reviews.apache.org/r/50270/diff/


Testing
-------

`make check` and `sudo make check` (Debian jessie, gcc-4.9.2, w/o optimizations)


Thanks,

Benjamin Bannier
Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message