mesos-reviews mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Benjamin Bannier <>
Subject Re: Review Request 50271: Created an isolator for Linux capabilities.
Date Thu, 22 Sep 2016 21:48:54 GMT

This is an automatically generated e-mail. To reply, visit:

(Updated Sept. 22, 2016, 11:48 p.m.)

Review request for mesos, Jay Guo and Jie Yu.


Addressed Jie's comments,

* only build capabilities isolator under Linux,
* do not yet reject tasks with empty requested capability set when no agent capability isolation

Bugs: MESOS-5275

Repository: mesos


This isolator evaluates agent allowed capabilities and passes net
capabilities on to `mesos-containerizer` which enforces the

Capability information is passed via a new field in

Diffs (updated)

  include/mesos/slave/containerizer.proto 20db010ea158a813034b411111ce9cddac7d8317 
  src/CMakeLists.txt 42c52b60cc850901f2eff1545cf7900f4a65ca81 
  src/ bfdb66a6969a35660d545210c1c6951926117ef3 
  src/slave/containerizer/mesos/containerizer.cpp 144b0db501d40d4e0bba12672723616bedd76e7e

  src/slave/containerizer/mesos/isolators/linux/capabilities.hpp PRE-CREATION 
  src/slave/containerizer/mesos/isolators/linux/capabilities.cpp PRE-CREATION 
  src/slave/containerizer/mesos/launch.hpp 859990cb85e9e8c06400397256cfc512f0811800 
  src/slave/containerizer/mesos/launch.cpp 48ec3707d772ec68e34acfc5adb47e25336ae8d3 
  src/slave/flags.hpp 3952d04f6a00ac1dca1adf2bea7cc6e415620ce5 
  src/tests/containerizer/isolator_tests.cpp b4d25e57df7f0e157769c9ae4f7847657c505e78 


Testing (updated)

`make check` and `sudo make check` (Debian jessie, gcc-4.9.2, w/o optimizations)
`make` (OS X, clang-4.0 w/o optimizations)


Benjamin Bannier

  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message