From reviews-return-59058-apmail-mesos-reviews-archive=mesos.apache.org@mesos.apache.org Wed Apr 12 12:25:13 2017 Return-Path: X-Original-To: apmail-mesos-reviews-archive@minotaur.apache.org Delivered-To: apmail-mesos-reviews-archive@minotaur.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id BA8181981C for ; Wed, 12 Apr 2017 12:25:13 +0000 (UTC) Received: (qmail 11649 invoked by uid 500); 12 Apr 2017 12:25:13 -0000 Delivered-To: apmail-mesos-reviews-archive@mesos.apache.org Received: (qmail 11610 invoked by uid 500); 12 Apr 2017 12:25:13 -0000 Mailing-List: contact reviews-help@mesos.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: reviews@mesos.apache.org Delivered-To: mailing list reviews@mesos.apache.org Received: (qmail 11599 invoked by uid 99); 12 Apr 2017 12:25:13 -0000 Received: from pnap-us-west-generic-nat.apache.org (HELO spamd2-us-west.apache.org) (209.188.14.142) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 12 Apr 2017 12:25:13 +0000 Received: from localhost (localhost [127.0.0.1]) by spamd2-us-west.apache.org (ASF Mail Server at spamd2-us-west.apache.org) with ESMTP id EC6831A0765; Wed, 12 Apr 2017 12:25:12 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamd2-us-west.apache.org X-Spam-Flag: NO X-Spam-Score: 3.249 X-Spam-Level: *** X-Spam-Status: No, score=3.249 tagged_above=-999 required=6.31 tests=[HTML_MESSAGE=2, KAM_LAZY_DOMAIN_SECURITY=1, KAM_LOTSOFHASH=0.25, RP_MATCHES_RCVD=-0.001] autolearn=disabled Received: from mx1-lw-eu.apache.org ([10.40.0.8]) by localhost (spamd2-us-west.apache.org [10.40.0.9]) (amavisd-new, port 10024) with ESMTP id Gaf6wU3p-B6x; Wed, 12 Apr 2017 12:25:11 +0000 (UTC) Received: from mailrelay1-us-west.apache.org (mailrelay1-us-west.apache.org [209.188.14.139]) by mx1-lw-eu.apache.org (ASF Mail Server at mx1-lw-eu.apache.org) with ESMTP id 23FD75FAE0; Wed, 12 Apr 2017 12:25:11 +0000 (UTC) Received: from reviews.apache.org (unknown [10.41.0.12]) by mailrelay1-us-west.apache.org (ASF Mail Server at mailrelay1-us-west.apache.org) with ESMTP id 9119DE0026; Wed, 12 Apr 2017 12:25:10 +0000 (UTC) Received: from reviews-vm2.apache.org (localhost [IPv6:::1]) by reviews.apache.org (ASF Mail Server at reviews-vm2.apache.org) with ESMTP id 822E6C4049E; Wed, 12 Apr 2017 12:25:10 +0000 (UTC) Content-Type: multipart/alternative; boundary="===============6463065476898414528==" MIME-Version: 1.0 Subject: Re: Review Request 58337: Add allowed devices whitelist for cgroups/devices isolator. From: Mesos Reviewbot To: haosdent huang Cc: Mesos Reviewbot , mesos , Zhongbo Tian Date: Wed, 12 Apr 2017 12:25:10 -0000 Message-ID: <20170412122510.22151.55480@reviews-vm2.apache.org> X-ReviewBoard-URL: https://reviews.apache.org/ Auto-Submitted: auto-generated Sender: Mesos Reviewbot X-ReviewGroup: mesos X-Auto-Response-Suppress: DR, RN, OOF, AutoReply X-ReviewRequest-URL: https://reviews.apache.org/r/58337/ X-Sender: Mesos Reviewbot References: <20170412041728.31601.42531@reviews-vm2.apache.org> In-Reply-To: <20170412041728.31601.42531@reviews-vm2.apache.org> Reply-To: Mesos Reviewbot X-ReviewRequest-Repository: mesos --===============6463065476898414528== MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/58337/#review171721 ----------------------------------------------------------- Patch looks great! Reviews applied: [58337] Passed command: export OS='ubuntu:14.04' BUILDTOOL='autotools' COMPILER='gcc' CONFIGURATION='--verbose' ENVIRONMENT='GLOG_v=1 MESOS_VERBOSE=1'; ./support/docker-build.sh - Mesos Reviewbot On April 12, 2017, 4:17 a.m., Zhongbo Tian wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/58337/ > ----------------------------------------------------------- > > (Updated April 12, 2017, 4:17 a.m.) > > > Review request for mesos and haosdent huang. > > > Bugs: MESOS-6791 > https://issues.apache.org/jira/browse/MESOS-6791 > > > Repository: mesos > > > Description > ------- > > Add allowed devices whitelist for cgroups/devices isolator. > > > Diffs > ----- > > src/slave/containerizer/mesos/isolators/cgroups/subsystems/devices.hpp ca2727142a9f257168f3cae0958f7b4665b63cf6 > src/slave/containerizer/mesos/isolators/cgroups/subsystems/devices.cpp 9b5cf83093796b0c0cc5057b612f80bc8b8ba72f > src/slave/flags.hpp 171f67e44518e858049d002fcf037715021da265 > src/slave/flags.cpp 9365da2c8462a4375a99a86210b9d6ec628510fe > > > Diff: https://reviews.apache.org/r/58337/diff/3/ > > > Testing > ------- > > For simple test: > > - Launch without additional devices: > 1. Start agent with `sudo mesos-agent --master=127.0.0.1:5050 --work_dir=/tmp/mesos --isolation=cgroups/devices` > 2. try open `/dev/rtc0` and failed with permission denied. `sudo mesos-execute --master=127.0.0.1:5050 --name=test --command="head -c 0 /dev/rtc0"` > > > - Launch with additional devices: > 1. Start agent with `sudo mesos-agent --master=127.0.0.1:5050 --work_dir=/tmp/mesos --isolation=cgroups/devices --cgroups_allowed_devices='{"devices":[{"path":"/dev/rtc0", "mknod_access":true, "read_access":true, "write_access":true}]}'` > 2. open `/dev/rtc0` successfully. `sudo mesos-execute --master=127.0.0.1:5050 --name=test --command="head -c 0 /dev/rtc0"` > > > Thanks, > > Zhongbo Tian > > --===============6463065476898414528==--